14 matches found
CVE-2023-40720
An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...
CVE-2023-40720
An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...
CVE-2023-40720
An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...
CVE-2023-40720
CVE-2023-40720 affects FortiVoice Enterprise (FortiVoiceEntreprise) versions 7.0.0–7.0.1 and before 6.4.8, where an authenticated attacker can bypass authorization via a user-controlled key to read other users’ SIP configurations by crafted HTTP/HTTPS requests. Root cause described as CWE-639 (au...
CVE-2023-37932
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability CWE-22 in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...
Path traversal
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability CWE-22 in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...
CVE-2023-37932
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability CWE-22 in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...
CVE-2023-37932
The CVE-2023-37932 entry describes a path traversal vulnerability in FortiVoiceEntreprise (Fortinet) affecting version 7.0.0 and earlier than 6.4.7. The issue stems from an improper limitation of a pathname to a restricted directory, allowing an authenticated attacker to read arbitrary files on t...
CVE-2020-9294
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
Authentication flaw
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
CVE-2020-9294
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
CVE-2020-9294
CVE-2020-9294 affects Fortinet FortiMail (versions 5.4.10 and earlier; 6.0.7 and earlier; 6.2.2 and earlier) and FortiVoiceEntreprise (6.0.0 and 6.0.1). The issue is an improper authentication vulnerability where a remote unauthenticated attacker can access the system as a legitimate user by subm...
Authentication bypass in FortiMail and FortiVoiceEntreprise
An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...
PT-2020-5588 · Fortinet · Fortivoiceentreprise +1
Name of the Vulnerable Software and Affected Versions: FortiMail versions 5.4.10 and earlier, 6.0.7 and earlier, 6.2.2 and earlier FortiVoiceEntreprise versions 6.0.0 and 6.0.1 Description: The issue is related to weaknesses in the authentication procedure of the email protection system. It may...