9 matches found

OSV
added 2025/11/18 5:16 p.m. | 3 views

CVE-2025-58692

An improper neutralization of special elements used in an SQL Command "SQL Injection" vulnerability CWE-89 vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HT...

CVSS 8.8 | AI score 6.1 | EPSS 0.00053
Exploits: 0 | References: 1
OSV
added 2025/10/14 2:15 p.m. | 2 views

CVE-2025-47856

Two improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and before 6.4.10 allows a privileged attacker to execute arbitrary code or commands via crafted HTTP/HTTPS or CLI requests...

CVSS 7.2 | AI score 6.2 | EPSS 0.00173
Exploits: 0 | References: 1
CVE
added 2025/08/12 6:59 p.m. | 25 views

CVE-2024-40588

CVE-2024-40588 describes multiple relative path traversal vulnerabilities in Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. The issue allows a privileged attacker to read files on the underlying filesystem via crafted CLI requests. Affected versions include FortiCamera ...

CVSS 4.4 | AI score 6.3 | EPSS 0.00134
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/05/23 4:14 a.m. | 6 views

CVE-2023-40720

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...

CVSS 7.1 | AI score 6.7 | EPSS 0.00041
Exploits: 0
Tenable Nessus
added 2025/05/23 12:0 a.m. | 6 views

Fortinet FortiVoice Stack-based Buffer Overflow (FG-IR-25-254)

The version of FortiVoice installed on the remote host is 6.4.x prior to 6.4.11, 7.0.x prior to 7.0.7, or 7.2.x prior to 7.2.1. It is, therefore, affected by a stack-based buffer overflow vulnerability as referenced in the FG-IR-24-472 advisory. - A stack-based overflow vulnerability CWE-121 in...

CVSS 9.8 | AI score 9.6 | EPSS 0.22283
Exploits: 3 | References: 2
NVD
added 2025/05/13 3:15 p.m. | 27 views

CVE-2025-32756

A stack-based buffer overflow vulnerability CWE-121 vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...

CVSS 9.8 | EPSS 0.22283
Exploits: 3 | References: 2
Cvelist
added 2025/03/28 10:13 a.m. | 7 views

CVE-2021-24008

An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0,...

CVSS 5.3 | EPSS 0.0025
Exploits: 0 | References: 1
CVE
added 2025/01/14 2:10 p.m. | 40 views

CVE-2023-37931

The CVE corresponds to Fortinet FortiVoice Entreprise SQL injection, where improper neutralization of SQL elements enables a blind SQLi via crafted HTTP/HTTPS requests. Affected: FortiVoice Entreprise 7.0.0–7.0.1 and older than 6.4.8. Impact: authenticated attacker can perform a blind SQL injecti...

CVSS 8.8 | AI score 8.9 | EPSS 0.00592
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/01/14 2:9 p.m. | 52 views

CVE-2024-40587

Summary: CVE-2024-40587 is an OS Command Injection in Fortinet FortiVoice. FortiVoice versions 7.0.0–7.0.4 and prior to 6.4.9 are affected. The root cause is improper neutralization of special elements used in OS commands, allowing an authenticated privileged attacker to execute unauthorized code...

CVSS 6.7 | AI score 6.8 | EPSS 0.00118
Exploits: 0 | References: 1 | Affected Software: 1