ГлавнаяУязвимости → CVE-2023-40720
7.1высокая

CVE-2023-40720

Описание

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.

Затрагиваемое ПО
Fortinet Fortivoice
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Источники
https://fortiguard.com/psirt/FG-IR-23-282https://fortiguard.com/psirt/FG-IR-23-282