CVE-2023-40720
7.1HIGHAn authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP config
Published: 5/14/2024Updated: 11/21/2024
Description
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
AI AnalysisPowered by AI
Affected Products
fortinetfortivoice
fortinetfortivoice
fortinetfortivoice
7.0.0
fortinetfortivoice
7.0.1
References
- https://fortiguard.com/psirt/FG-IR-23-282Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-23-282Vendor Advisory