Path Traversal Vulnerability in FortiVoice Enterprise
CVE-2023-37932

6.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortivoice
Vendor: CVE Published:; 10 January 2024

What is CVE-2023-37932?

This vulnerability involves an improper limitation of a pathname to a restricted directory, allowing authenticated attackers to exploit FortiVoice Enterprise versions 7.0.0 and earlier up to 6.4.7. By crafting and sending specific HTTP or HTTPS requests, attackers can gain unauthorized access to arbitrary files within the system. This flaw poses significant risks to data integrity and security, compelling users and organizations to implement necessary patches and mitigations. Fortinet provides detailed information and guidance on addressing this vulnerability.

Affected Version(s)

FortiVoice 7.0.0

FortiVoice 6.4.0 <= 6.4.7

FortiVoice 6.0.0 <= 6.0.12

References

https://fortiguard.com/psirt/FG-IR-23-219

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2024
Vulnerability Reserved
Jul 11, 2023