CVE-2020-9294
published 2020-04-27CVE-2020-9294: An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimail | <= 5.4.10 | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | 6.0.0 – 6.0.7 | — |
| fortinet | fortimail | 6.2.0 – 6.2.2 | — |
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | 6.0.0 – 6.0.1 | — |
| fortinet | fortivoiceenterprise | — | — |
| fortinet | fortivoiceenterprise | — | — |
| fortinet | fortivoiceentreprise | — | — |