An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-23-282 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2024-05-14T16:19:12.993Z
Updated: 2024-08-02T18:38:51.211Z
Reserved: 2023-08-21T09:03:44.316Z
Link: CVE-2023-40720
Vulnrichment
Updated: 2024-05-14T19:29:30.379Z
NVD
Status : Modified
Published: 2024-05-14T17:15:19.067
Modified: 2024-11-21T08:20:01.767
Link: CVE-2023-40720
Redhat
No data.