Authentication flaw

2020-04-2717:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

JSON

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

CPENameOperatorVersion
fortimaille5.4.10
fortimailge6.0.0
fortimaille6.0.7
fortimailge6.2.0
fortimaille6.2.2
fortivoicege6.0.0
fortivoicele6.0.1

Name	Operator	Version
fortimail	le	5.4.10
fortimail	ge	6.0.0
fortimail	le	6.0.7
fortimail	ge	6.2.0
fortimail	le	6.2.2
fortivoice	ge	6.0.0
fortivoice	le	6.0.1

References

fortiguard.com/psirt/FG-IR-20-045