MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2020-6641

CVSS 4.3v3.1pub. 2021-06-02upd. 2024-11-21

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Fortinet Fortipresence

    APP
    Fortinet
    < 20.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-27998MEDIUM5.3ten sam produkt

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all ver...

CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)

CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam vendor

SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML