Lucene search

FortinetVULNRICHMENT:CVE-2023-40720

HistoryMay 14, 2024 - 4:19 p.m.

CVE-2023-40720

2024-05-1416:19:12

CWE-639

fortinet

github.com

cve-2023-40720

authorization bypass

user-controlled key

fortivoiceentreprise

sip configuration

http

https

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RC:C

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.0%

JSON

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiVoice",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.8",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.12",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-23-282

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RC:C

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for VULNRICHMENT:CVE-2023-40720