CVE-2023-40720

Summary

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiVoice7.0.0 <= 7.0.1affected
FortinetFortiVoice6.4.0 <= 6.4.8affected
FortinetFortiVoice6.0.0 <= 6.0.12affected

Weaknesses

  • CWE-639: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References