Overview
- Description
- A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
- Source
- psirt@fortinet.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortipresence:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "889484EB-8EDC-4FB5-A0F9-1E719C9099D6"
},
{
"criteria": "cpe:2.3:a:fortinet:fortipresence:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF2B518A-EA40-4D65-9E9A-69D39A8AC01F"
},
{
"criteria": "cpe:2.3:a:fortinet:fortipresence:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2BEFF20-BAFA-4169-8F6A-D472C45EB2EC"
},
{
"criteria": "cpe:2.3:a:fortinet:fortipresence:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14BC839F-E70C-4676-B523-BAD563C8E6E0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortipresence:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E5C2455-84E1-4403-A4B5-B57CDA302BBD"
}
],
"operator": "OR"
}
]
}
]