CVE-2021-32594 — MEDIUM (5.4)

Q: How severe is CVE-2021-32594?

CVE-2021-32594 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-32594?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiportal.

Vulnerability Description

An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Fortinet	Fortiportal	>= 4.0.0, <= 4.0.4

Related Weaknesses (CWE)

CWE-434

References

https://fortiguard.com/advisory/FG-IR-21-092Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-092Vendor Advisory

FAQ

What is CVE-2021-32594?

CVE-2021-32594 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to po...

How severe is CVE-2021-32594?

CVE-2021-32594 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32594?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiportal.