PT-2023-21471 · Fortinet · Fortipresence
Published: 2023-09-13 · Updated: 2023-09-15 · CVE-2023-27998
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiPresence versions 1.0 through 1.2.1
Description
A lack of custom error pages may allow an unauthenticated attacker who can reach the login GUI to obtain sensitive information by navigating to specific HTTP(S) paths.
Recommendations
For FortiPresence versions 1.0 through 1.2.1, consider implementing custom error pages to prevent sensitive information disclosure. As a temporary workaround, restrict access to the login GUI to minimize the risk of exploitation.
Fix
Improper Handling of Exceptional Conditions
Affected Products
Fortipresence