Fortivoice@* Security Vulnerabilities and Issues — Fortivoice@* CVE List

Lucene search

FortinetFortivoice*

15 matches found

CVE•added 2025/05/13 3:15 p.m.•210 views

CVE-2025-32756

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7....

9.8CVSS8.8AI score0.12237EPSS

CVE•added 2020/04/27 5:15 p.m.•78 views

CVE-2020-9294

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

9.8CVSS9.6AI score0.77587EPSS

CVE•added 2025/01/14 2:15 p.m.•77 views

CVE-2024-48884

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, ...

9.1CVSS6.4AI score0.0042EPSS

CVE•added 2025/04/08 2:15 p.m.•70 views

CVE-2024-50565

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2...

7.5CVSS7.3AI score0.00097EPSS

CVE•added 2023/12/13 7:15 a.m.•66 views

CVE-2022-27488

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6...

8.8CVSS8.8AI score0.00442EPSS

CVE•added 2025/01/22 10:15 a.m.•64 views

CVE-2022-23439

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through...

6.1CVSS4.9AI score0.00073EPSS

CVE•added 2021/12/08 11:15 a.m.•62 views

CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

6.7CVSS6.9AI score0.00082EPSS

CVE•added 2025/04/08 2:15 p.m.•61 views

CVE-2024-26013

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and ...

7.5CVSS7.3AI score0.00104EPSS

CVE•added 2025/01/16 9:15 a.m.•61 views

CVE-2024-48885

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 thro...

9.1CVSS7.3AI score0.00038EPSS

CVE•added 2025/03/28 11:15 a.m.•52 views

CVE-2021-24008

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, v...

5.3CVSS6.5AI score0.00113EPSS

CVE•added 2024/05/14 5:15 p.m.•44 views

CVE-2023-40720

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.

7.1CVSS6.6AI score0.0003EPSS

CVE•added 2024/01/10 6:15 p.m.•43 views

CVE-2023-37932

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests

6.5CVSS6.3AI score0.00656EPSS

CVE•added 2025/01/14 2:15 p.m.•39 views

CVE-2024-40587

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

6.7CVSS6.8AI score0.00215EPSS

CVE•added 2025/01/14 2:15 p.m.•32 views

CVE-2023-37931

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests

8.8CVSS8.9AI score0.0009EPSS

CVE•added 3 days ago•3 views

CVE-2024-40588

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 ma...

4.4CVSS7AI score0.00013EPSS