Lucene search

PRIOn knowledge basePRION:CVE-2022-41331

HistoryApr 11, 2023 - 5:15 p.m.

Authentication flaw

2023-04-1117:15:00

PRIOn knowledge base

www.prio-n.com

authentication

flaw

vulnerability

fortipresence

server

unauthenticated access

redis

mongodb

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.7%

JSON

A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.

CPENameOperatorVersion
fortiproxyge1.0.0
fortiproxylt2.0.0

CPE	Name	Operator	Version
	fortiproxy	ge	1.0.0
	fortiproxy	lt	2.0.0

References

fortiguard.com/psirt/FG-IR-22-355