PT-2024-3552 · Fortinet · FortiVoice

Published: 2024-05-14 · Updated: 2024-05-23 · CVE-2023-40720

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:P
Name of the Vulnerable Software and Affected Versions
FortiVoice versions 7.0.0 through 7.0.1
FortiVoice versions prior to 6.4.8

Description
The issue is an authorization bypass through a user-controlled key that allows a remote attacker to disclose SIP configuration files by sending specially crafted HTTP or HTTPS requests. An authenticated attacker can thereby read the SIP configuration of other users.

Recommendations
For FortiVoice versions 7.0.0 through 7.0.1, update to a version outside of this range to resolve the issue. For FortiVoice versions prior to 6.4.8, update to version 6.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIP configuration files until a patch is available.

Fix

IDOR


Weakness Enumeration

Related Identifiers

BDU:2024-03857
CVE-2023-40720

Affected Products

FortiVoice