CVE-2023-37932

CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 34.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortivoice

Timeline

PublishedJan 10

Description

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortivoice6.4.0 — 6.4.8+2

▶CVEListV5fortinet/fortivoice6.4.0 — 6.4.7+2

🔴Vulnerability Details

GHSA

GHSA-g73p-9p76-7wm8: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7↗2024-01-10

▶

CVEList

CVE-2023-37932: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7↗2024-01-10

▶

📋Vendor Advisories

Fortinet

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEn...↗2024-01-10

▶