cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-40720,https://securityvulnerability.io/vulnerability/CVE-2023-40720,Authorization Bypass Vulnerability in FortiVoice Enterprise,"An authorization bypass vulnerability exists in FortiVoice Enterprise versions 7.0.0 and 7.0.1, as well as all versions prior to 6.4.8. This flaw permits authenticated attackers to exploit vulnerabilities in user-controlled keys, thereby allowing unauthorized access to the SIP configuration of other users. By crafting specific HTTP or HTTPS requests, the security of affected systems can be compromised, potentially leading to data exposure that could have severe implications for user privacy and system integrity.",Fortinet,Fortivoice,7.1,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-05-14T16:19:12.993Z,0
CVE-2023-37932,https://securityvulnerability.io/vulnerability/CVE-2023-37932,Path Traversal Vulnerability in FortiVoice Enterprise,"This vulnerability involves an improper limitation of a pathname to a restricted directory, allowing authenticated attackers to exploit FortiVoice Enterprise versions 7.0.0 and earlier up to 6.4.7. By crafting and sending specific HTTP or HTTPS requests, attackers can gain unauthorized access to arbitrary files within the system. This flaw poses significant risks to data integrity and security, compelling users and organizations to implement necessary patches and mitigations. Fortinet provides detailed information and guidance on addressing this vulnerability.",Fortinet,FortiVoice,6.5,MEDIUM,0.0008500000112690032,false,false,false,false,,false,false,2024-01-10T17:48:00.502Z,0
CVE-2022-27488,https://securityvulnerability.io/vulnerability/CVE-2022-27488,CSRF Vulnerability in Fortinet FortiVoice and Related Products,"A cross-site request forgery vulnerability exists within multiple Fortinet products, including FortiVoiceEnterprise, FortiSwitch, and FortiMail. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the command-line interface. The exploit relies on tricking authenticated administrators into sending malicious GET requests, potentially compromising sensitive administrative functions.",Fortinet,"Fortivoice,Fortirecorder,Fortiswitch,Fortindr,Fortimail",7.5,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0