CVE-2023-27998

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortipresence:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortipresence:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortipresence:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortipresence:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortipresence:1.2.1:*:*:*:*:*:*:*

History

21 Nov 2024, 07:53

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-13 13:15

Updated : 2024-11-21 07:53


NVD link : CVE-2023-27998

Mitre link : CVE-2023-27998

CVE.ORG link : CVE-2023-27998


JSON object : View

Products Affected

fortinet

  • fortipresence
CWE
CWE-756

Missing Custom Error Page

CWE-755

Improper Handling of Exceptional Conditions