Fortinet FortiPortal and FortiManager Missing Authentication Vulnerability in Critical Function

Vulnerability

A vulnerability allowing unauthorized access to the configuration of managed devices has been identified in Fortinet FortiPortal versions 6.0.0 to 6.0.15 and FortiManager versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, and 6.4.0 to 6.4.14. The vulnerability arises from missing authentication for a critical function, which enables attackers to access device configurations by sending specially crafted packets.
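For inventory triage against the ranges listed above, the following added example (not part of the original advisory or any Fortinet tooling) classifies product/version pairs. The hostnames, build suffix and sample inventory are constructed, and the `not-listed` label means only that the version is outside the ranges this page names.

```python
import re

# Affected ranges exactly as listed in the advisory text above (inclusive).
AFFECTED = {
    "fortiportal": [((6, 0, 0), (6, 0, 15))],
    "fortimanager": [
        ((7, 4, 0), (7, 4, 2)),
        ((7, 2, 0), (7, 2, 5)),
        ((7, 0, 0), (7, 0, 12)),
        ((6, 4, 0), (6, 4, 14)),
    ],
}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings like 'v7.4.2-build2397', else None."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(product, version_text):
    """Return 'affected', 'not-listed', or 'unknown' for one inventory entry."""
    ranges = AFFECTED.get(product.strip().lower())
    version = parse_version(version_text)
    if ranges is None or version is None:
        return "unknown"  # unrecognised product or unparseable version: review by hand
    # Tuple comparison is numeric, so 7.0.9 sorts below 7.0.12 (string compare would not).
    if any(low <= version <= high for low, high in ranges):
        return "affected"
    return "not-listed"


def triage(inventory):
    """Map each (hostname, product, version) row to its classification."""
    return {host: classify(product, version) for host, product, version in inventory}


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("fmg-dc1", "FortiManager", "v7.4.2-build2397"),
    ("fmg-dc2", "FortiManager", "7.4.3"),
    ("fmg-lab", "FortiManager", "7.0.12"),
    ("portal-1", "FortiPortal", "6.0.15"),
    ("portal-2", "FortiPortal", "6.0.16"),
    ("fmg-old", "FortiManager", "unknown"),
]
```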

Impact

Exploitation of this vulnerability allows unauthorized access to the configuration of managed devices.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.