Path Traversal Vulnerability in FortiVoice Enterprise
CVE-2023-37932
6.2 MEDIUM
What is CVE-2023-37932?
This vulnerability is an improper limitation of a pathname to a restricted directory (path traversal) in FortiVoice Enterprise version 7.0.0 and versions 6.4.7 and earlier. By crafting and sending specific HTTP or HTTPS requests, an authenticated attacker can gain unauthorized access to arbitrary files within the system. This flaw poses significant risks to data integrity and security, so users and organizations should apply the necessary patches and mitigations. Fortinet provides detailed information and guidance on addressing this vulnerability.
Affected Version(s)
FortiVoice 7.0.0
FortiVoice 6.4.0 <= 6.4.7
FortiVoice 6.0.0 <= 6.0.12