PT-2026-2467 · Fortinet · Fortifone
Published 2026-01-13 · Updated 2026-01-16 · CVE-2025-47855
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiFone versions 7.0.0 through 7.0.1
Fortinet FortiFone versions 3.0.13 through 3.0.23
Description
An exposure of sensitive information to an unauthorized actor allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests. The issue is related to [CWE-200].
Recommendations
Fortinet FortiFone versions 7.0.0 through 7.0.1 should be updated to a newer, secure version.
Fortinet FortiFone versions 3.0.13 through 3.0.23 should be updated to a newer, secure version.
Fix
Information Disclosure
Affected Products
Fortifone