PSIRT Advisory

Authorizations Bypass in the FortiPresence portal parameters

Summary

Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.

Impact

Improper Access Control

Affected Products

FortiPresence 2.1.0 and below

Solutions

Please upgrade to FortiPresence 20.1 or above.
Starting in 2020, FortiPresence will employ a new version syntax.

Acknowledgement

Fortinet is pleased to thank SI9INT for reporting this vulnerability under responsible disclosure.