Cybersecurity specialists have reported two vulnerabilities in Fortinet FortiPortal. According to the report, successful exploitation of these flaws would enable several attack scenarios.

Below is a brief description of the reported flaws, along with their tracking identifiers and the scores assigned under the Common Vulnerability Scoring System (CVSS).

CVE-2021-36176: Improper sanitization of user-supplied data in both the customer and provider interfaces would allow remote threat actors to send specially crafted links to targeted users and execute arbitrary HTML and script code in the victims' browsers (a cross-site scripting condition).

This is a low-severity flaw and received a CVSS score of 5.3/10.

CVE-2021-32595: The affected application does not properly control the consumption of internal resources in its web interface, which would allow remote attackers to trigger a denial of service (DoS) condition.

This is a medium-severity flaw and received a CVSS score of 6.7/10.

According to the report, the flaws affect the following versions of FortiPortal: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.1, 4.1.2, 4.2.1, 4.2.2, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4 and 6.0.5.

Cybersecurity specialists recommend that administrators of affected deployments install the latest updates as soon as possible to mitigate the risk of exploitation.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, visit the International Institute of Cyber Security (IICS) websites.

The post 2 critical vulnerabilities in Fortinet FortiPortal appeared first on Information Security Newspaper | Hacking News.
