Cybersecurity specialists report the detection of a serious vulnerability in FortiPortal, Fortinet's hosted self-service portal that exposes FortiManager security management and FortiAnalyzer analytics to end customers of managed security providers. According to the report, successful exploitation would let a remote attacker take over an account whose password has just been reset.

Tracked as CVE-2021-36171, the vulnerability is a use of insufficiently random values in the password reset feature: the newly generated password is produced by a weak pseudorandom number generator, so a remote attacker who can predict or enumerate the generator's state can guess part or all of the password within the time window during which the application accepts it.
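The mechanism behind this class of flaw, as an added example that is not FortiPortal's code and does not reproduce Fortinet's implementation (the report does not disclose how the password was generated): a reset password drawn from a non-cryptographic PRNG seeded with an attacker-guessable value, here the reset timestamp in seconds, can be recovered by enumerating every seed in the validity window and testing each candidate against login, whereas a password drawn from a CSPRNG has no observable seed to enumerate. The generator, the seeding scheme, the timestamps and the login oracle are all constructed for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
PASSWORD_LEN = 10


def weak_reset_password(reset_time: int) -> str:
    """Constructed weak generator (NOT FortiPortal's code): the reset password is
    drawn from Python's Mersenne Twister seeded with the reset timestamp in seconds.
    Anyone who knows roughly when the reset happened can recompute the output."""
    rng = random.Random(reset_time)
    return "".join(rng.choice(ALPHABET) for _ in range(PASSWORD_LEN))


def strong_reset_password() -> str:
    """Hardened generator: a CSPRNG (secrets) with no attacker-observable seed, so the
    only attack left is guessing among len(ALPHABET) ** PASSWORD_LEN possibilities."""
    return "".join(secrets.choice(ALPHABET) for _ in range(PASSWORD_LEN))


def candidate_passwords(window_start: int, window_seconds: int):
    """Attacker's view of the weak generator: every password it could have produced
    for a reset at some second in [window_start, window_start + window_seconds)."""
    for seed in range(window_start, window_start + window_seconds):
        yield seed, weak_reset_password(seed)


def recover_weak_password(login_oracle, window_start: int, window_seconds: int):
    """Enumerate the candidate seeds and test each password against login_oracle,
    which stands in for the application's login or password-change endpoint
    (returns True when the password is accepted).
    Returns (seed, password, attempts) on success, None if no candidate is accepted."""
    attempts = 0
    for seed, password in candidate_passwords(window_start, window_seconds):
        attempts += 1
        if login_oracle(password):
            return seed, password, attempts
    return None


def search_space_bits(window_seconds: int) -> tuple[float, float]:
    """Work the attacker actually faces against the weak generator (one candidate per
    second of the validity window) versus the nominal keyspace of the password format.
    Returns (bits_against_weak_generator, bits_nominal)."""
    return math.log2(window_seconds), PASSWORD_LEN * math.log2(len(ALPHABET))


def demo():
    # Constructed scenario: the victim's reset happened at this Unix timestamp and the
    # attacker only knows it fell inside a one-hour window (the period during which the
    # application still accepts the newly generated password).
    reset_time = 1_700_001_234
    window_start, window_seconds = reset_time - 1800, 3600

    victim_password = weak_reset_password(reset_time)
    weak_result = recover_weak_password(lambda pw: pw == victim_password,
                                        window_start, window_seconds)

    # The same enumeration against the hardened generator finds nothing, because the
    # password never depended on the timestamp.
    strong_password = strong_reset_password()
    strong_result = recover_weak_password(lambda pw: pw == strong_password,
                                          window_start, window_seconds)
    return weak_result, strong_result


if __name__ == "__main__":
    weak, strong = demo()
    print("weak generator recovered (seed, password, attempts):", weak)
    print("strong generator recovered:", strong)
    print("attacker work vs nominal keyspace, in bits:", search_space_bits(3600))
```

Against the weak generator the attacker needs at most 3600 login attempts (under 12 bits of work) to recover a password whose format nominally offers about 59 bits; a millisecond seed, or a seed mixed from a few other predictable fields, only raises the candidate count by a constant factor and does not change the picture. This is why the fix for a weak-PRNG finding is a CSPRNG (secrets, os.urandom, SecureRandom and the like), not a longer password or a shorter validity window alone, although rate-limiting the login and reset endpoints still matters, since the attack consists of many online guesses.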

This is a high-severity vulnerability: the 7.1/10 score it received under the Common Vulnerability Scoring System (CVSS) places it in the High band (7.0 to 8.9) rather than the Critical one, but a correctly guessed reset password hands the attacker the affected account without any further exploit.

According to the report, the flaw affects Fortinet FortiPortal versions 5.2.0 through 6.0.5.

So far no active exploitation attempts related to this report have been detected; even so, Fortinet recommends that users of vulnerable FortiPortal versions apply the available updates to mitigate the risk. Note that upgrading replaces the generator but does not invalidate passwords it already issued, so any password that was set through the reset feature while a vulnerable version was running should be changed as well.


The post Critical password reset vulnerability in Fortinet FortiPortal. Update immediately appeared first on Information Security Newspaper | Hacking News.

