A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NFortinet Fortipresence
APPFortinet1.0.01.1.01.1.11.2.01.2.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
Powiązane podatności
CVE-2020-6641MEDIUM4.3ten sam produkt
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 admin...
CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)
CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam vendor
SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu
CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML