Cybersecurity specialists report the detection of a critical vulnerability in FortiPortal, the self-service portal for FortiManager and hosted security analysis management system for some of the most popular Fortinet product families. According to the report, successful exploitation of this flaw could result in a critical hacking scenario.
Tracked as CVE-2021-36171, the vulnerability exists due to a weak pseudorandom number generator in the password reset feature, which remote threat actors could take advantage of to guess parts of a newly generated password, or the entire password in the time frame determined by the affected application.
This is a highly severe vulnerability and its successful exploitation would allow attackers to gain full access to the vulnerable system. This flaw received a score of 7.1/10 according to the Common Vulnerability Scoring System (CVSS).
According to the report, the flaws reside in all versions of Fortinet FortiPortal between v5.2.0 and v6.0.5.
So far no active exploitation attempts have been detected related to this report, however, Fortinet recommends that users of vulnerable versions of FortiPortal apply the necessary updates to mitigate the risk of exploitation.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
