CVE-2023-37932
published 2024-01-10CVE-2023-37932: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | 6.0.0 – 6.0.12 | — |
| fortinet | fortivoice | >= 6.4.0 < 6.4.8 | 6.4.8 |
| fortinet | fortivoice | 6.4.0 – 6.4.7 | — |
| fortinet | fortivoiceentreprise | — | — |