Path Traversal Vulnerability in FortiVoice Enterprise
CVE-2023-37932
6.5 MEDIUM
Summary
This vulnerability is an improper limitation of a pathname to a restricted directory (path traversal) in FortiVoice Enterprise version 7.0.0, and earlier versions up to 6.4.7. By sending crafted HTTP or HTTPS requests, an authenticated attacker can gain unauthorized access to arbitrary files on the system. This flaw poses significant risks to data integrity and security, and users and organizations should apply the necessary patches and mitigations. Fortinet provides detailed information and guidance on addressing this vulnerability.
Affected Version(s)
FortiVoice 7.0.0
FortiVoice 6.4.0 <= 6.4.7
FortiVoice 6.0.0 <= 6.0.12
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged