CVE-2023-27998

Summary

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiPresence1.2.0 <= 1.2.1affected
FortinetFortiPresence1.1.0 <= 1.1.1affected
FortinetFortiPresence1.0.0affected

Weaknesses

  • CWE-756: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References