[FortiMail][FortiVoice] Authentication bypass Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-045 Final 1 1 2020-04-27T00:00:00 Current version 2020-04-27T00:00:00 2020-04-27T00:00:00 An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. Improper access control FortiMail versions 5.4.10 and below.FortiMail versions 6.0.7 and below.FortiMail versions 6.2.2 and below.FortiVoiceEntreprise versions 6.0.1 and below.FortiVoiceEntreprise 5.4 all versions.FortiMail versions 5.3 and lower are not impacted by this vulnerability.FortiVoiceEnterprise versions 5.3 and lower are not impacted by this vulnerability.FortiMail Cloud has been upgraded to non-impacted versions. Please upgrade to FortiMail version 5.4.11 or above.Please upgrade to FortiMail version 6.0.8 or above.Please upgrade to FortiMail version 6.2.3 or above.Please upgrade to FortiVoiceEntreprise version 6.0.2 or above. Fortinet is pleased to thank Mike Connor for reporting this vulnerability under responsible disclosure. CVE-2020-9294 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-045 [FortiMail][FortiVoice] Authentication bypass Reference>