Lucene search

K
cveFortinetCVE-2023-27998
HistorySep 13, 2023 - 1:15 p.m.

CVE-2023-27998

2023-09-1313:15:08
CWE-755
CWE-756
fortinet
web.nvd.nist.gov
18
cve-2023-27998
fortipresence
vulnerability
cwe-756
unauthenticated attacker
sensitive information
http
security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

31.2%

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.

Affected configurations

Nvd
Node
fortinetfortipresenceMatch1.0.0
OR
fortinetfortipresenceMatch1.1.0
OR
fortinetfortipresenceMatch1.1.1
OR
fortinetfortipresenceMatch1.2.0
OR
fortinetfortipresenceMatch1.2.1
VendorProductVersionCPE
fortinetfortipresence1.0.0cpe:2.3:a:fortinet:fortipresence:1.0.0:*:*:*:*:*:*:*
fortinetfortipresence1.1.0cpe:2.3:a:fortinet:fortipresence:1.1.0:*:*:*:*:*:*:*
fortinetfortipresence1.1.1cpe:2.3:a:fortinet:fortipresence:1.1.1:*:*:*:*:*:*:*
fortinetfortipresence1.2.0cpe:2.3:a:fortinet:fortipresence:1.2.0:*:*:*:*:*:*:*
fortinetfortipresence1.2.1cpe:2.3:a:fortinet:fortipresence:1.2.1:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiPresence",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "1.2.0",
        "lessThanOrEqual": "1.2.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.1.0",
        "lessThanOrEqual": "1.1.1",
        "status": "affected"
      },
      {
        "version": "1.0.0",
        "status": "affected"
      }
    ]
  }
]

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

31.2%

Related for CVE-2023-27998