cnvd - cnvd-2021-60534

CNVD-2021-60534

Vulnerability from cnvd - Published: 2021-08-10

Title

Fortinet FortiPortal信任管理问题漏洞

Description

Fortinet FortiPortal是美国飞塔（Fortinet）公司的FortiGate、FortiWiFi 和 FortiAP 产品线的高级、功能丰富的托管安全分析和管理支持工具，可作为虚拟机供 MSP 使用。 Fortinet FortiPortal存在信任管理问题漏洞，该漏洞源于在应用程序代码中存在硬编码的Tomcat Manager用户名和密码。攻击者可利用该漏洞使用硬编码凭据访问受影响的系统，并以root用户的身份执行任意命令。

Severity

高

Patch Name

Fortinet FortiPortal信任管理问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.cybersecurity-help.cz/vdb/SB2021080312

Reference

https://www.cybersecurity-help.cz/vdb/SB2021080312

Impacted products

Name
['Fortinet FortiPortal 5.0.0', 'Fortinet FortiPortal 5.0.1', 'Fortinet FortiPortal 5.0.2', 'Fortinet FortiPortal 5.0.3', 'Fortinet FortiPortal 5.1.0', 'Fortinet FortiPortal 5.1.1', 'Fortinet FortiPortal 5.1.2', 'Fortinet FortiPortal 5.2.0', 'Fortinet FortiPortal 5.2.1', 'Fortinet FortiPortal 5.2.2', 'Fortinet FortiPortal 5.2.3', 'Fortinet FortiPortal 5.2.4', 'Fortinet FortiPortal 5.2.5', 'Fortinet FortiPortal 5.3.0', 'Fortinet FortiPortal 5.3.1', 'Fortinet FortiPortal 5.3.2', 'Fortinet FortiPortal 5.3.3', 'Fortinet FortiPortal 5.3.4', 'Fortinet FortiPortal 5.3.5', 'Fortinet FortiPortal 6.0.0', 'Fortinet FortiPortal 6.0.1', 'Fortinet FortiPortal 6.0.2', 'Fortinet FortiPortal 6.0.3', 'Fortinet FortiPortal 6.0.4']

Name

['Fortinet FortiPortal 5.0.0', 'Fortinet FortiPortal 5.0.1', 'Fortinet FortiPortal 5.0.2', 'Fortinet FortiPortal 5.0.3', 'Fortinet FortiPortal 5.1.0', 'Fortinet FortiPortal 5.1.1', 'Fortinet FortiPortal 5.1.2', 'Fortinet FortiPortal 5.2.0', 'Fortinet FortiPortal 5.2.1', 'Fortinet FortiPortal 5.2.2', 'Fortinet FortiPortal 5.2.3', 'Fortinet FortiPortal 5.2.4', 'Fortinet FortiPortal 5.2.5', 'Fortinet FortiPortal 5.3.0', 'Fortinet FortiPortal 5.3.1', 'Fortinet FortiPortal 5.3.2', 'Fortinet FortiPortal 5.3.3', 'Fortinet FortiPortal 5.3.4', 'Fortinet FortiPortal 5.3.5', 'Fortinet FortiPortal 6.0.0', 'Fortinet FortiPortal 6.0.1', 'Fortinet FortiPortal 6.0.2', 'Fortinet FortiPortal 6.0.3', 'Fortinet FortiPortal 6.0.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32588"
    }
  },
  "description": "Fortinet FortiPortal\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684FortiGate\u3001FortiWiFi \u548c FortiAP \u4ea7\u54c1\u7ebf\u7684\u9ad8\u7ea7\u3001\u529f\u80fd\u4e30\u5bcc\u7684\u6258\u7ba1\u5b89\u5168\u5206\u6790\u548c\u7ba1\u7406\u652f\u6301\u5de5\u5177\uff0c\u53ef\u4f5c\u4e3a\u865a\u62df\u673a\u4f9b MSP \u4f7f\u7528\u3002\n\nFortinet FortiPortal\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5b58\u5728\u786c\u7f16\u7801\u7684Tomcat Manager\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u786c\u7f16\u7801\u51ed\u636e\u8bbf\u95ee\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\uff0c\u5e76\u4ee5root\u7528\u6237\u7684\u8eab\u4efd\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.cybersecurity-help.cz/vdb/SB2021080312",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-60534",
  "openTime": "2021-08-10",
  "patchDescription": "Fortinet FortiPortal\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684FortiGate\u3001FortiWiFi \u548c FortiAP \u4ea7\u54c1\u7ebf\u7684\u9ad8\u7ea7\u3001\u529f\u80fd\u4e30\u5bcc\u7684\u6258\u7ba1\u5b89\u5168\u5206\u6790\u548c\u7ba1\u7406\u652f\u6301\u5de5\u5177\uff0c\u53ef\u4f5c\u4e3a\u865a\u62df\u673a\u4f9b MSP \u4f7f\u7528\u3002\r\n\r\nFortinet FortiPortal\u5b58\u5728\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5b58\u5728\u786c\u7f16\u7801\u7684Tomcat Manager\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u786c\u7f16\u7801\u51ed\u636e\u8bbf\u95ee\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\uff0c\u5e76\u4ee5root\u7528\u6237\u7684\u8eab\u4efd\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiPortal\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiPortal 5.0.0",
      "Fortinet FortiPortal  5.0.1",
      "Fortinet FortiPortal  5.0.2",
      "Fortinet FortiPortal  5.0.3",
      "Fortinet FortiPortal  5.1.0",
      "Fortinet FortiPortal  5.1.1",
      "Fortinet FortiPortal  5.1.2",
      "Fortinet FortiPortal  5.2.0",
      "Fortinet FortiPortal  5.2.1",
      "Fortinet FortiPortal  5.2.2",
      "Fortinet FortiPortal  5.2.3",
      "Fortinet FortiPortal  5.2.4",
      "Fortinet FortiPortal  5.2.5",
      "Fortinet FortiPortal  5.3.0",
      "Fortinet FortiPortal  5.3.1",
      "Fortinet FortiPortal  5.3.2",
      "Fortinet FortiPortal  5.3.3",
      "Fortinet FortiPortal  5.3.4",
      "Fortinet FortiPortal  5.3.5",
      "Fortinet FortiPortal  6.0.0",
      "Fortinet FortiPortal  6.0.1",
      "Fortinet FortiPortal  6.0.2",
      "Fortinet FortiPortal  6.0.3",
      "Fortinet FortiPortal  6.0.4"
    ]
  },
  "referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2021080312",
  "serverity": "\u9ad8",
  "submitTime": "2021-08-04",
  "title": "Fortinet FortiPortal\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2021-32588 (GCVE-0-2021-32588)

Vulnerability from cvelistv5 – Published: 2021-08-18 21:30 – Updated: 2024-10-25 13:51

Summary

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

CWE

Authentication bypass, Improper command execution as root

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/advisory/FG-IR-21-077

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiPortal	Affected: FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-077"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:19:19.159785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:51:18.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 9.3,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass, Improper command execution as root",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-18T21:30:12",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-077"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-32588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiPortal",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "High",
            "baseScore": 9.3,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass, Improper command execution as root"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-077",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-077"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-32588",
    "datePublished": "2021-08-18T21:30:12",
    "dateReserved": "2021-05-11T00:00:00",
    "dateUpdated": "2024-10-25T13:51:18.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-60534

CVE-2021-32588 (GCVE-0-2021-32588)

Tags

Sightings

Nomenclature