CVE-2023-37932

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 10, 2024

Updated: Jan 18, 2024

CWE ID 22

Summary

CVE-2023-37932 is a path traversal vulnerability [CWE-22] affecting FortiVoiceEntreprise versions prior to 6.4.7. An authenticated attacker can exploit this improper limitation of a pathname to read arbitrary files on the system by crafting HTTP or HTTPS requests. This issue may lead to the disclosure of sensitive information and could potentially be used for further system compromises. FortiNet has released patches to address this vulnerability. It is recommended that affected organizations install these patches promptly to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8-53Z
https://www.cve.org/CVERecord?id=CVE-2023-37932
https://nvd.nist.gov/vuln/detail/CVE-2023-37932

Back to Vulnerability Database

CVE-2023-37932

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations