Weak Password Recovery Process in Fortinet FortiPortal
CVE-2017-7342

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiportal
Vendor: CVE Published:; 25 March 2019

Summary

The Fortinet FortiPortal is impacted by a vulnerability related to its password recovery process. Specifically, versions up to 4.0.0 exhibit a flaw that allows attackers to exploit a hidden Close button, leading to the execution of unauthorized code or commands. This compromise underscores the importance of robust password recovery mechanisms to ensure security and prevent unauthorized access.

Affected Version(s)

Fortinet FortiPortal FortiPortal versions 4.0.0 and below

References

https://fortiguard.com/psirt/FG-IR-17-114

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 25, 2019
Vulnerability Reserved
Mar 30, 2017