PT-2024-5550 · Fortinet · Fortiportal

Published: 2024-07-09 · Updated: 2024-09-09 · CVE-2024-21759

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiPortal versions 7.0.0 through 7.0.6
Fortinet FortiPortal version 7.2.0

Description

The issue is related to an authorization bypass in the administration interface of Fortinet FortiPortal, which can be exploited by using a user-controlled key. This allows a remote attacker to disclose protected information by sending specially crafted HTTP or HTTPS requests.

Recommendations

For Fortinet FortiPortal versions 7.0.0 through 7.0.6, update to a version that fixes the authorization bypass issue.
For Fortinet FortiPortal version 7.2.0, update to a version that fixes the authorization bypass issue.
As a temporary workaround, consider restricting access to the administration interface to minimize the risk of exploitation.

Fix

IDOR

Weakness Enumeration

Related Identifiers

BDU:2024-06229
CVE-2024-21759

Affected Products

Fortiportal