Missing Authentication Vulnerability in FortiPresence Infrastructure Server
CVE-2022-41331

9.3CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortipresence
Vendor: CVE Published:; 11 April 2023

Summary

A vulnerability in the FortiPresence infrastructure server allows remote, unauthenticated attackers to exploit the system by sending specifically crafted authentication requests. This issue affects versions of the server prior to 1.2.1, enabling access to sensitive Redis and MongoDB instances without valid authentication. Organizations using affected versions must prioritize patching to mitigate potential risks associated with unauthorized access.

Affected Version(s)

FortiPresence 1.2.0 <= 1.2.1

FortiPresence 1.1.0 <= 1.1.1

FortiPresence 1.0.0

References

https://fortiguard.com/psirt/FG-IR-22-355

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Sep 23, 2022