CVE-2021-32588
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
SSVC
- Decision: Attend
Timeline
- 2021-05-11 CVE Reserved
- 2021-08-18 CVE Published
- 2024-05-03 EPSS Updated
- 2024-10-25 CVE Updated
CWE
- CWE-798: Use of Hard-coded Credentials
References (1)
URL | Tag | Source |
---|---|---|
https://fortiguard.com/advisory/FG-IR-21-077 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fortinet | Fortiportal | >= 5.0.0 <= 5.0.3 | - | Affected |
Fortinet | Fortiportal | >= 5.1.0 <= 5.1.2 | - | Affected |
Fortinet | Fortiportal | >= 5.2.0 <= 5.2.5 | - | Affected |
Fortinet | Fortiportal | >= 5.3.0 <= 5.3.5 | - | Affected |
Fortinet | Fortiportal | >= 6.0.0 <= 6.0.4 | - | Affected |