FortiPortal - Authentication bypass and remote code execution as root

Summary

A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
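The weakness described above is a Tomcat Manager account with deploy rights whose password is fixed in the shipped product. Two defender-side checks follow from that description: audit the Tomcat user store for accounts holding manager roles with weak or default passwords, and watch the access log for successful deployments through the Manager endpoints. The script below is an added example written for this advisory, not Fortinet's or FortiPortal's own code. It assumes Tomcat's standard tomcat-users.xml schema and its common access-log pattern; the sample user file, the log lines and the weak-password list are constructed placeholders and do not reproduce FortiPortal's actual hard-coded values.

```python
"""Defender-side checks for a hard-coded Tomcat Manager account.

Added example for this advisory, not Fortinet's code. The tomcat-users.xml
sample, the access-log lines and WEAK_PASSWORDS are constructed placeholders.
"""
import re
import xml.etree.ElementTree as ET

# Roles that grant access to the Manager application (Tomcat's own role names).
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status"}

# Placeholder list of passwords an auditor would treat as default or weak.
# Assumption: a real deployment substitutes its own policy list here.
WEAK_PASSWORDS = {"tomcat", "admin", "password", "manager", "changeit", ""}

# Constructed tomcat-users.xml in Tomcat's schema; the values are invented.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="viewer"/>
  <user username="deployer" password="tomcat" roles="manager-gui,manager-script"/>
  <user username="ops" password="Xk9#veryLongRandomValue" roles="manager-script"/>
  <user username="guest" password="guest" roles="viewer"/>
</tomcat-users>
"""

def audit_tomcat_users(xml_text):
    """Return findings for accounts that can reach the Manager application.

    Each finding is (username, sorted manager roles, reason). Every account
    with a manager-* role is reported as 'manager-role'; if its password is
    in WEAK_PASSWORDS or equals the username the reason is 'weak-password'.
    """
    root = ET.fromstring(xml_text)
    ns = {"t": "http://tomcat.apache.org/xml"}
    # Tomcat accepts the file with or without the namespace; handle both.
    users = root.findall("t:user", ns) or root.findall("user")
    findings = []
    for user in users:
        name = user.get("username") or user.get("name", "")
        password = user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        manager_roles = roles & MANAGER_ROLES
        if not manager_roles:
            continue
        reason = "manager-role"
        if password in WEAK_PASSWORDS or password == name:
            reason = "weak-password"
        findings.append((name, sorted(manager_roles), reason))
    return findings

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
ACCESS_LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Manager endpoints whose successful use means a web application was deployed
# (text interface on Tomcat 7+, the older /manager/deploy form, HTML upload).
DEPLOY_PATHS = ("/manager/text/deploy", "/manager/deploy", "/manager/html/upload")

# Constructed access-log lines; addresses are documentation ranges.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - deployer [12/Mar/2021:10:15:32 +0000] "PUT /manager/text/deploy?path=/app&update=true HTTP/1.1" 200 45',
    '203.0.113.5 - deployer [12/Mar/2021:10:15:40 +0000] "GET /app/ HTTP/1.1" 200 512',
    '10.0.0.7 - - [12/Mar/2021:10:16:01 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '10.0.0.7 - admin [12/Mar/2021:10:16:10 +0000] "GET /manager/text/list HTTP/1.1" 200 120',
    '192.0.2.9 - admin [12/Mar/2021:10:20:00 +0000] "POST /manager/html/upload HTTP/1.1" 200 1890',
]

def find_manager_deploys(log_lines):
    """Return (host, user, method, path, status) for each request that
    deployed an application through the Manager: PUT/POST to a deploy
    endpoint answered with a 2xx status. Listing, failed logins and ordinary
    application traffic are ignored."""
    hits = []
    for line in log_lines:
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if (m.group("method") in ("PUT", "POST")
                and path.startswith(DEPLOY_PATHS)
                and m.group("status").startswith("2")):
            hits.append((m.group("host"), m.group("user"), m.group("method"),
                         path, int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for finding in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print("user audit:", finding)
    for hit in find_manager_deploys(SAMPLE_ACCESS_LOG):
        print("manager deploy:", hit)
```

On the sample data the audit flags `deployer` (weak password, full manager rights) and lists `ops` for review, and the log scan reports the two successful deployments while ignoring the 401 and the list request. In practice the deploy hits would be compared against a change-management record: a deployment from an address or account nobody recognises, on a version listed as affected, is the signal to investigate.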

Affected Products

FortiPortal versions 5.2.5 and below.
FortiPortal versions 5.3.5 and below.
FortiPortal versions 6.0.4 and below.
FortiPortal 5.0.x
FortiPortal 5.1.x

Solutions

Please upgrade to FortiPortal version 5.2.6 or above.
Please upgrade to FortiPortal version 5.3.6 or above.
Please upgrade to FortiPortal version 6.0.5 or above.

Acknowledgement

Fortinet is pleased to thank Ben Knight of CyberCX New Zealand for bringing this issue to our attention under responsible disclosure.