A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-355 | Vendor Advisory |
https://fortiguard.com/psirt/FG-IR-22-355 | Vendor Advisory |
Configurations
History
21 Nov 2024, 07:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.com/psirt/FG-IR-22-355 - Vendor Advisory |
Information
Published : 2023-04-11 17:15
Updated : 2024-11-21 07:23
NVD link : CVE-2022-41331
Mitre link : CVE-2022-41331
CVE.ORG link : CVE-2022-41331
JSON object : View
Products Affected
fortinet
- fortiproxy
CWE
CWE-306
Missing Authentication for Critical Function