An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 up to and including 7.0.1 and prior to 6.4.8 allows an authenticated malicious user to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortivoice 7.0.0 |
||
fortinet fortivoice |
||
fortinet fortivoice 7.0.1 |