CVE-2020-6641

CWE-639Insecure Direct Object ReferenceCWE-863Incorrect Authorization4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 66.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortipresenceFortinet Fortinet Fortipresence
Timeline
PublishedJun 2
Latest updateMay 24

Description

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5fortinet/fortinet_fortipresenceFortiPresence 2.1.0 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-jxf8-g6gq-m62f: Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 22022-05-24
CVEList
CVE-2020-6641: Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 22021-06-02

📋Vendor Advisories

1
Fortinet
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration...2021-06-02
CVE-2020-6641 (MEDIUM CVSS 4.3) | Two authorization bypass through us | cvebase.io