MEDIUM🇬🇧 English

CVE-2023-27998

CVSS 5.3v3.1pub. 2023-09-13upd. 2024-11-21

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Fortinet Fortipresence

    APP
    Fortinet
    1.0.01.1.01.1.11.2.01.2.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2020-6641MEDIUM4.3ten sam produkt

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 admin...

CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)

CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam vendor

SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML