Authorizations Bypass in the FortiPresence portal parameters


Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.

Affected Products

FortiPresence 2.1.0 and below


Please upgrade to FortiPresence 20.1 or above.
Starting in 2020, FortiPresence will employ a new version syntax.


Fortinet is pleased to thank SI9INT for reporting this vulnerability under responsible disclosure.