Memory Allocation Vulnerability in FortiPortal by Fortinet
CVE-2021-36174

4.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiportal
Vendor: CVE Published:; 2 November 2021

What is CVE-2021-36174?

A vulnerability in the license verification function of FortiPortal prior to version 6.0.6 permits an attacker to exploit excessive memory allocation through specially crafted license blobs. This can facilitate a denial of service attack, potentially disrupting the availability of the FortiPortal service. Organizations using affected versions should apply recommended updates to mitigate possible exploitation.

Affected Version(s)

Fortinet FortiPortal FortiPortal before 6.0.6

References

https://fortiguard.com/advisory/FG-IR-21-109

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2021
Vulnerability Reserved
Jul 6, 2021