CVE-2023-37932
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jan 10, 2024
Updated: Jan 18, 2024
CWE ID 22
Summary
CVE-2023-37932 is a path traversal vulnerability [CWE-22] affecting FortiVoiceEntreprise versions prior to 6.4.7. An authenticated attacker can exploit this improper limitation of a pathname to read arbitrary files on the system by crafting HTTP or HTTPS requests. This issue may lead to the disclosure of sensitive information and could potentially be used for further system compromises. FortiNet has released patches to address this vulnerability. It is recommended that affected organizations install these patches promptly to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Fortinet