CVE-2020-9294

Summary

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiMail5.4.10affected
FortinetFortiMail6.0.7affected
FortinetFortiMail6.2.2 and earlieraffected
FortinetFortiVoiceEnterprise6.0.0affected
FortinetFortiVoiceEnterprise6.0.1affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References