Fortinet, a provider of cybersecurity solutions, this week announced the release of security updates for a number of its products, including patches for a serious flaw in FortiPresence. FortiPresence is a data analytics solution offered either as a hosted cloud service or as a virtual machine for private installations. It provides analytics, heat maps, and reporting.
Fortinet disclosed that the FortiPresence infrastructure server contains a severe missing authentication vulnerability that might allow access to Redis and MongoDB instances. The vulnerability, tracked as CVE-2022-41331 (CVSS score of 9.3), can be exploited by a remote, unauthenticated attacker through carefully constructed authentication requests.