CVE-2021-32594

An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.

Published: Aug 4, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-32594
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
fortinet / fortiportal	6.0.0	6.0.5
fortinet / fortiportal	5.3.0	5.3.6
fortinet / fortiportal	5.2.0	5.2.6
fortinet / fortiportal	5.1.0	5.1.2.x
fortinet / fortiportal	5.0.0	5.0.3.x
fortinet / fortiportal	4.2.0	4.2.4.x
fortinet / fortiportal	4.1.0	4.1.2.x
fortinet / fortiportal	4.0.0	4.0.4.x

https://fortiguard.com/advisory/FG-IR-21-092

Vulnerability Database

289,871

CVE-2021-32594