A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NFortinet Fortipresence
APPFortinet1.0.01.1.01.1.11.2.01.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
Related vulnerabilities
CVE-2020-6641MEDIUM4.3ten sam produkt
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 admin...
CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)
CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam vendor
SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu
CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML