Path traversal vulnerability in administrative interface
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoice may allow an authenticated attacker to read arbitrary files from the system by sending crafted HTTP or HTTPS requests.
Version | Affected | Solution |
---|---|---|
FortiVoice 7.0 | 7.0.0 | Upgrade to 7.0.1 or above |
FortiVoice 6.4 | 6.4.0 through 6.4.7 | Upgrade to 6.4.8 or above |
FortiVoice 6.0 | 6.0 all versions | Migrate to a fixed release |
Acknowledgement
Internally discovered and reported by Hritik Sateesh from Fortinet's Burnaby Infosec team.
Timeline
2024-01-02: Initial publication