CVE-2023-40720

2024-05-1416:19:12

CWE-639

fortinet

raw.githubusercontent.com

cve-2023-40720

authorization bypass

user-controlled key

cwe-639

fortivoiceentreprise

sip configuration

http requests

https requests

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.6%

JSON

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.