CVE-2023-27998 — Missing Custom Error Page in Fortinet Fortipresence

CWE-756 — Missing Custom Error Page CWE-755 — Improper Handling of Exceptional Conditions4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 55.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortipresence

Timeline

PublishedSep 13

Description

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5fortinet/fortipresence1.2.0 — 1.2.1+2

▶NVDfortinet/fortipresence5 versions+4

🔴Vulnerability Details

CVEList

CVE-2023-27998: A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1↗2023-09-13

▶

GHSA

GHSA-7pp3-x5h4-fx5v: A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1↗2023-09-13

▶

📋Vendor Advisories

Fortinet

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1...↗2023-09-13

▶