Fortinet has addressed a critical vulnerability, tracked as CVE-2022-41331 (CVSS score of 9.3), in its Fortinet FortiPresence data analytics solution.
FortiPresence is a comprehensive data analytics solution designed for analyzing user traffic and deriving usage patterns.
Successful exploitation can lead to remote, unauthenticated access to Redis and MongoDB instances via crafted authentication requests.
“A missing authentication for critical function vulnerability [CWE-306] in FortiPresence on-prem infrastructure server may allow a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests.” reads the advisory published by the vendor.
The vulnerability affects FortiPresence 1.2 all versions, FortiPresence 1.1 all versions, and FortiPresence 1.0 all versions. The company added that Cloud instances of FortiPresence are not impacted.
Fortinet addressed multiple vulnerabilities in its products as part of its “April 2023 Vulnerability Advisories,” below are the most severe ones:
Customers are recommended to update their instances as soon as possible.
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Fortinet)
Nova Scotia Power confirmed a data breach involving the theft of sensitive customer data after…
Coinbase confirmed rogue contractors stole customer data and demanded a $20M ransom in a breach…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities…
Kosovar citizen extradited to the US for running the cybercrime marketplace BlackDB.cc appeared in federal…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows flaws to its Known Exploited…
Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited…
This website uses cookies.