A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
Weakness
The product does not return custom error pages to the user, possibly exposing sensitive information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortipresence | Fortinet | 1.0.0 (including) | 1.0.0 (including) |
| Fortipresence | Fortinet | 1.1.0 (including) | 1.1.0 (including) |
| Fortipresence | Fortinet | 1.1.1 (including) | 1.1.1 (including) |
| Fortipresence | Fortinet | 1.2.0 (including) | 1.2.0 (including) |
| Fortipresence | Fortinet | 1.2.1 (including) | 1.2.1 (including) |