CVE-2023-37931

Name of the Vulnerable Software and Affected Versions FortiVoice Entreprise versions 7.0.0 through 7.0.1 FortiVoice Entreprise versions prior to 6.4.8

Description The issue is related to an improper neutralization of special elements used in an SQL command, also known as a 'sql injection' vulnerability. This allows an authenticated attacker to perform a blind SQL injection attack by sending crafted HTTP or HTTPS requests.

Recommendations For FortiVoice Entreprise versions 7.0.0 through 7.0.1, consider disabling the vulnerable SQL functionality until a patch is available. For FortiVoice Entreprise versions prior to 6.4.8, consider restricting access to the SQL command interface to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable SQL functionality in the affected HTTP or HTTPS requests until the issue is resolved.