PSIRT Advisory

FortiPortal Multiple Vulnerabilities

Summary

Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows:


  • CVE-2017-7337: Improper Access Control allows a user to view firewall policies and objects from a VDOM they are not authorized to access, enumerate other customers' ADOMs and view other customers' data

  • CVE-2017-7338: The application returns password hashes, and the passwords of associated FortiAnalyzer devices, via the UI

  • CVE-2017-7339: Persistent XSS via the 'Name' and 'Description' fields in the pop-up to add Revision Backups as a customer

  • CVE-2017-7340: Reflected XSS via the 'applicationSearch' parameter in the 'View' tab

  • CVE-2017-7342: A weak password policy allows a user to bypass the password change that is enforced after a password recovery request

  • CVE-2017-7343: Open Redirect via the 'url' parameter

  • CVE-2017-7731: User Enumeration through the Forgotten Password function, because the response differs depending on whether or not the submitted e-mail address exists in the system
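
As an added illustration of the open-redirect class behind CVE-2017-7343 (this is example code written for this advisory, not FortiPortal code), the following Python shows a handler that trusts a 'url' parameter verbatim beside one that only ever redirects within the application's own origin. The parameter name is taken from the advisory; the origin portal.example.com, the function names and the sample inputs are assumptions for the example.

```python
"""Redirect-target validation for a 'url' style parameter.

Added example, not FortiPortal code. APP_ORIGIN and the handler shape are
assumptions; the point is the validation strategy and the edge cases.
"""
from urllib.parse import urljoin, urlsplit

# Assumed application origin: every redirect must stay on this scheme+host.
APP_ORIGIN = "https://portal.example.com"


def vulnerable_redirect_target(url: str) -> str:
    """The 'before' pattern: the parameter is used as the Location verbatim."""
    return url or "/"


def safe_redirect_target(url: str, default: str = "/") -> str:
    """Return a Location value that cannot leave APP_ORIGIN.

    Strategy: resolve the candidate against our own origin and accept it
    only if the resolved URL still has our scheme and host. That rejects
    absolute URLs to other hosts, protocol-relative '//evil' forms,
    'javascript:' schemes and userinfo tricks ('https://ours@evil'), while
    ordinary in-app paths such as '/policies?adom=1' keep working.
    """
    if not url:
        return default
    # Browsers treat backslashes in the authority like forward slashes,
    # so normalise first or '/\\evil.com' would be parsed as a plain path.
    candidate = url.replace("\\", "/")
    resolved = urlsplit(urljoin(APP_ORIGIN + "/", candidate))
    origin = urlsplit(APP_ORIGIN)
    if resolved.scheme != origin.scheme or resolved.netloc.lower() != origin.netloc:
        return default
    # Re-emit as a relative path so the Location header never carries a host
    # the caller influenced. Collapse leading slashes: dot-segment removal on
    # input like '/a/..//evil.com' can yield a path starting with '//', which
    # a browser would read as protocol-relative.
    path = "/" + resolved.path.lstrip("/")
    if resolved.query:
        path += "?" + resolved.query
    if resolved.fragment:
        path += "#" + resolved.fragment
    return path


if __name__ == "__main__":
    # Constructed sample inputs, from benign to hostile.
    for sample in ["/policies?adom=1", "https://evil.com/", "//evil.com/",
                   "/\\evil.com", "javascript:alert(1)",
                   "https://portal.example.com@evil.com/", "/a/..//evil.com"]:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)!r}")
```

The validator deliberately never echoes the parsed host back: even when the host check passes, the response is a same-origin relative path, so a parser difference between urllib and the browser cannot turn an accepted value into an off-site redirect.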

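CVE-2017-7731 and CVE-2017-7342 both sit in the password-recovery path, so one example covers the fix pattern for both. The following Python is an added sketch written for this advisory, not FortiPortal code: the Forgotten Password handler returns the same status and message whether or not the address is registered, the single-use token only yields a restricted session, and every request is gated until the forced password change has actually happened. The user records, messages, session layout and the password policy are assumptions for the example.

```python
"""Recovery flow without user enumeration and without a skippable
post-recovery password change. Added example, not FortiPortal code.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed: one fixed reply for every recovery request, registered or not.
GENERIC_REPLY = (200, "If that address is registered, a recovery e-mail has been sent.")


@dataclass
class User:
    email: str
    password_hash: str
    must_change_password: bool = False


def hash_password(password: str) -> str:
    # Demo only: a real deployment uses a slow, salted password hash.
    return hashlib.sha256(password.encode()).hexdigest()


def password_meets_policy(pw: str) -> bool:
    # Assumed policy: 12+ characters with upper, lower, digit and symbol.
    return (len(pw) >= 12 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def leaky_request_recovery(users: dict, email: str) -> tuple:
    """The enumeration pattern: status and wording reveal whether the address exists."""
    if email.lower() not in users:
        return 404, "No account is registered under that e-mail address."
    return 200, "A recovery e-mail has been sent."


class RecoveryService:
    def __init__(self, users):
        self.users = {u.email.lower(): u for u in users}
        self.pending = {}  # sha256(token) -> e-mail; only the hash is stored
        self.outbox = []   # (e-mail, token) pairs; stands in for the mailer

    def request_recovery(self, email: str) -> tuple:
        """Identical reply for known and unknown addresses; the mail is the only signal."""
        user = self.users.get(email.lower())
        if user is not None:
            token = secrets.token_urlsafe(32)
            self.pending[hashlib.sha256(token.encode()).hexdigest()] = user.email.lower()
            self.outbox.append((user.email, token))
        return GENERIC_REPLY

    def redeem(self, token: str):
        """Exchange a single-use token for a restricted session, or None."""
        email = self.pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if email is None:
            return None
        self.users[email].must_change_password = True
        return {"email": email, "password_change_required": True}

    def authorize(self, session: dict, action: str) -> bool:
        """Gate every request server-side: until the forced change is done,
        only 'change_password' is reachable, whatever URL the user requests."""
        user = self.users[session["email"]]
        return not (user.must_change_password and action != "change_password")

    def change_password(self, session: dict, new_password: str) -> bool:
        user = self.users[session["email"]]
        if not self.authorize(session, "change_password"):
            return False
        if not password_meets_policy(new_password):
            return False
        new_hash = hash_password(new_password)
        if hmac.compare_digest(new_hash, user.password_hash):
            return False  # re-entering the old password is not a change
        user.password_hash = new_hash
        user.must_change_password = False
        session["password_change_required"] = False
        return True


if __name__ == "__main__":
    svc = RecoveryService([User("alice@example.com", hash_password("Old-Password-1!"))])
    print(svc.request_recovery("alice@example.com") == svc.request_recovery("nobody@example.com"))
    sess = svc.redeem(svc.outbox[0][1])
    print(svc.authorize(sess, "view_policies"), svc.change_password(sess, "New-Password-2!"),
          svc.authorize(sess, "view_policies"))
```

The enforcement lives in authorize(), not in the client or in a redirect after login: a user who reaches the change-password page and then simply navigates elsewhere is still refused until change_password() has succeeded against the policy, which is the gap described for CVE-2017-7342.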

Impact

Information disclosure, Execute unauthorized code or commands, Improper Access Control

Affected Products

FortiPortal versions 4.0.0 and below

Solutions

Upgrade to FortiPortal version 4.0.1

Acknowledgement

Fortinet is pleased to thank David Tredger, Senior Security Consultant, Aura Information Security, for reporting these vulnerabilities under Responsible Disclosure.