CVE-2023-40720
published 2024-05-14CVE-2023-40720: An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an…
high7.1CVSS 3.1
AVNACLPRLUINSUCHINAL
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | 6.0.0 – 6.0.12 | — |
| fortinet | fortivoice | 6.4.0 – 6.4.8 | — |
| fortinet | fortivoice | 7.0.0 – 7.0.1 | — |
| fortinet | fortivoiceentreprise | — | — |