FortiVoice - Path traversal vulnerability in administrative interface

Summary

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoice may allow an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests

Version Affected Solution
FortiVoice 7.0 7.0.0 Upgrade to 7.0.1 or above
FortiVoice 6.4 6.4.0 through 6.4.7 Upgrade to 6.4.8 or above
FortiVoice 6.0 6.0 all versions Migrate to a fixed release

Acknowledgement

Internally discovered and reported by Hritik Sateesh from Fortinet's Burnaby Infosec team.

Timeline

2024-01-02: Initial publication