CVE-2023-27998

MEDIUM

Fortinet Fortipresence - Improper Exception Handling

Title source: rule

Description

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-22-288

Scores

CVSS v3 5.3

EPSS 0.0022

EPSS Percentile 44.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-756 CWE-755

Status published

Products (5)

fortinet/fortipresence 1.0.0

fortinet/fortipresence 1.1.0

fortinet/fortipresence 1.1.1

fortinet/fortipresence 1.2.0

fortinet/fortipresence 1.2.1

Published Sep 13, 2023

Tracked Since Feb 18, 2026