CVE-2021-32594
Severity CVSS v4.0:
Pending analysis
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
04/08/2021
Last modified:
11/08/2021
Description
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Base Score 2.0
5.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.0.4 (including) |
| cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | 4.1.0 (including) | 4.1.2 (including) |
| cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | 4.2.0 (including) | 4.2.4 (including) |
| cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | 5.0.0 (including) | 5.0.3 (including) |
| cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | 5.1.0 (including) | 5.1.2 (including) |
| cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | 5.2.0 (including) | 5.2.6 (excluding) |
| cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | 5.3.0 (including) | 5.3.6 (excluding) |
| cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* | 6.0.0 (including) | 6.0.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page