CVE-2023-37932

Summary

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests

Affected Software

VendorProductVersion RangeStatus
FortinetFortiVoice7.0.0affected
FortinetFortiVoice6.4.0 <= 6.4.7affected
FortinetFortiVoice6.0.0 <= 6.0.12affected

Weaknesses

  • CWE-22: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References