Security Advisory 2023-022

Release Date:

Critical Authentication Vulnerability in Fortinet Product



  • 17/04/2023 --- v1.0 -- Initial publication


On April 11, 2023, Fortinet released an advisory regarding one critical vulnerability in FortiPresence on-prem infrastructure server. This vulnerability is identified as CVE-2022-41331 (CVSS score of 9.3) and it may allow remote un-authenticated attackers to access the Redis and MongoDB instances [1].

Moreover, Fortinet has also released security updates to address 9 High, and 10 Medium severity vulnerabilities in FortiPresence, FortiOS, FortiWeb, and other Fortinet products [1, 2].

Technical Details

The Critical severity vulnerability known as CVE-2022-41331 exists due to missing authorisation checks to access Redis and MongoDB instances. A remote un-authenticated attacker can connect to the database instances via crafted authentication requests that may result in compromising the affected system [1, 2].

Affected Products

  • FortiPresence 1.2 all versions [1];
  • FortiPresence 1.1 all versions [1];
  • FortiPresence 1.0 all versions [1].


It is recommended to upgrade FortiPresence instances to version 2.0.0 or above. In addition, CERT-EU encourages affected constituents to review the April 2023 Vulnerability Advisories of Fortinet and apply the relevant updates.




We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.