FortiPresence 1.0-1.2.1 Unauth Data Exposure via Missing Custom Error Pages
CVE-2023-27998 Published on September 13, 2023
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
Vulnerability Analysis
CVE-2023-27998 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Missing Custom Error Page
The software does not return custom error pages to the user, possibly exposing sensitive information.
Products Associated with CVE-2023-27998
Want to know whenever a new CVE is published for Fortinet Fortipresence? stack.watch will email you.
Affected Versions
Fortinet FortiPresence:- Version 1.2.0, <= 1.2.1 is affected.
- Version 1.1.0, <= 1.1.1 is affected.
- Version 1.0.0 is affected.
- Version 1.0.0 is affected.
- Version 1.1.0 is affected.
- Version 1.2.0, <= 1.2.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.