cbcvebase.
CVE-2022-41331
published 2023-04-11

CVE-2022-41331: A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.

Affected

6 ranges
VendorProductVersion rangeFixed in
fortinetfortipresence
fortinetfortipresence
fortinetfortipresence1.1.0 – 1.1.1
fortinetfortipresence1.2.0 – 1.2.1
fortinetfortiproxy
fortinetfortiproxy>= 1.0.0 < 2.0.02.0.0