Authentication bypass in FortiMail and FortiVoiceEntreprise
Summary
An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
Affected Products
FortiMail versions 5.4.10 and below.
FortiMail versions 6.0.7 and below.
FortiMail versions 6.2.2 and below.
FortiVoiceEntreprise versions 6.0.1 and below.
FortiVoiceEntreprise 5.4 all versions.
FortiMail versions 5.3 and lower are not impacted by this vulnerability.
FortiVoiceEnterprise versions 5.3 and lower are not impacted by this vulnerability.
FortiMail Cloud has been upgraded to non-impacted versions.
Solutions
Please upgrade to FortiMail version 5.4.11 or above.
Please upgrade to FortiMail version 6.0.8 or above.
Please upgrade to FortiMail version 6.2.3 or above.
Please upgrade to FortiVoiceEntreprise version 6.0.2 or above.