Authorizations Bypass in the FortiPresence portal parameters
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-258
Final
1
1
2020-03-09T00:00:00
Current version
2020-03-09T00:00:00
2020-03-09T00:00:00
Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.
Improper Access Control
FortiPresence 2.1.0 and below
Please upgrade to FortiPresence 20.1 or above.Starting in 2020, FortiPresence will employ a new version syntax.
Fortinet is pleased to thank SI9INT for reporting this vulnerability under responsible disclosure.
Authorizations Bypass in the FortiPresence portal parameters
CVE-2020-6641
CVE-2020-6642
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-258
Authorizations Bypass in the FortiPresence portal parameters
Reference>