CVE-2022-41331
First published: Tue Apr 11 2023(Updated: )
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.0.0<2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-41331.
What is the severity level of CVE-2022-41331?
The severity level of CVE-2022-41331 is critical (9.8).
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-306.
How does this vulnerability affect FortiPresence infrastructure server?
This vulnerability allows a remote, unauthenticated attacker to access the Redis and MongoDB instances of FortiPresence infrastructure server before version 1.2.1 via crafted authentication requests.
How can I fix this vulnerability?
To fix this vulnerability, update FortiPresence infrastructure server to version 1.2.1 or later.
- collector/nvd-index
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.0.0