Path Traversal Vulnerability in FortiVoiceEntreprise Version 7.0.0 and Earlier: Unauthorized File Access

CVE-2023-37932 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests

Learn more about our Web Application Penetration Testing UK.