Search criteria
2 vulnerabilities found for FortiPresence by Fortinet
CVE-2023-27998 (GCVE-0-2023-27998)
Vulnerability from cvelistv5 – Published: 2023-09-13 12:29 – Updated: 2024-09-25 17:26
VLAI?
Summary
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
Severity ?
CWE
- CWE-756 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiPresence |
Affected:
1.2.0 , ≤ 1.2.1
(semver)
Affected: 1.1.0 , ≤ 1.1.1 (semver) Affected: 1.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-288",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-288"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortipresence:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortipresence",
"vendor": "fortinet",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.1.0"
},
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "1.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:24:33.642111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:26:14.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiPresence",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.1.1",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-756",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T12:29:15.591Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-288",
"url": "https://fortiguard.com/psirt/FG-IR-22-288"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiPresence version 2.0.0 or above\r\n\u00a0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-27998",
"datePublished": "2023-09-13T12:29:15.591Z",
"dateReserved": "2023-03-09T10:09:33.120Z",
"dateUpdated": "2024-09-25T17:26:14.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41331 (GCVE-0-2022-41331)
Vulnerability from cvelistv5 – Published: 2023-04-11 16:06 – Updated: 2024-10-23 14:29
VLAI?
Summary
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.
Severity ?
9.3 (Critical)
CWE
- CWE-306 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiPresence |
Affected:
1.2.0 , ≤ 1.2.1
(semver)
Affected: 1.1.0 , ≤ 1.1.1 (semver) Affected: 1.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:44.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-355",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-355"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:19:08.963120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:29:35.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiPresence",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.1.1",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T16:06:05.258Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-355",
"url": "https://fortiguard.com/psirt/FG-IR-22-355"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiPresence version 2.0.0 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-41331",
"datePublished": "2023-04-11T16:06:05.258Z",
"dateReserved": "2022-09-23T15:07:35.782Z",
"dateUpdated": "2024-10-23T14:29:35.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}