Authorization Bypass Vulnerability in FortiVoice Enterprise
CVE-2023-40720

7.1 HIGH

Key Information:

Vendor: Fortinet
CVE Published: 14 May 2024

Summary

An authorization bypass vulnerability exists in FortiVoice Enterprise versions 7.0.0 and 7.0.1, as well as all versions prior to 6.4.8. The flaw is an authorization bypass through a user-controlled key: an authenticated attacker can gain unauthorized access to the SIP configuration of other users by sending crafted HTTP or HTTPS requests. The resulting data exposure could have severe implications for user privacy and system integrity.

Affected Version(s)

FortiVoice 7.0.0 <= 7.0.1

FortiVoice 6.4.0 <= 6.4.8

FortiVoice 6.0.0 <= 6.0.12

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
