A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.
CPE | Name | Operator | Version |
---|---|---|---|
fortiproxy | ge | 1.0.0 | |
fortiproxy | lt | 2.0.0 |