Описание
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:fortinet:fortipresence:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortipresence:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortipresence:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortipresence:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortipresence:1.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00218
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-756
CWE-755
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
EPSS
Процентиль: 44%
0.00218
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-756
CWE-755