At a glance:
| IR Number | FG-IR-20-045 |
| Date | Apr 27, 2020 |
| Risk | 
|
| Impact | Improper Access Control |
| CVE ID | CVE-2020-9294 |
| CVRF | Download |
Refine Search
PSIRT Advisory
Authentication bypass in FortiMail and FortiVoiceEnterprise
Summary
An improper authentication vulnerability in FortiMail and FortiVoiceEnterprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
Impact
Improper Access Control
Affected Products
FortiMail versions 5.4.10 and below.
FortiMail versions 6.0.7 and below.
FortiMail versions 6.2.2 and below.
FortiVoiceEnterprise versions 6.0.1 and below.
FortiMail versions 5.3 and lower are not impacted by this vulnerability.
FortiVoiceEnterprise versions 5.3 and lower are not impacted by this vulnerability.
FortiMail Cloud has been upgraded to non-impacted versions.
Solutions
Please upgrade to FortiMail version 5.4.11 or above.
Please upgrade to FortiMail version 6.0.8 or above.
Please upgrade to FortiMail version 6.2.3 or above.
Please upgrade to FortiVoiceEnterprise version 6.0.2 or above.
Acknowledgement
Fortinet is pleased to thank Mike Connor for reporting this vulnerability under responsible disclosure.