CVE-2023-40720 - Vulnerability Details - OpenCVE

Description

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.

Published: 2024-05-14

Score: 6.7 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Fortinet

FortiVoice

unaffected

Version	Status	Constraints
`7.0.0`	affected	≤ 7.0.1
`6.4.0`	affected	≤ 6.4.8
`6.0.0`	affected	≤ 6.0.12

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice:7.0.0:::::::*
	cpe:2.3:a:fortinet:fortivoice:7.0.1:::::::*

No data.

No data available yet.

Remediation

Vendor Solution

Please upgrade to FortiVoice version 7.0.2 or above Please upgrade to FortiVoice version 6.4.9 or above

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-45274	An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-23-282

History

No history.

Subscriptions

Fortinet Fortivoice

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-05-14T16:19:12.993Z

Updated: 2024-08-02T18:38:51.211Z

Reserved: 2023-08-21T09:03:44.316Z

Link: CVE-2023-40720

Vulnrichment

Updated: 2024-05-14T19:29:30.379Z

NVD

Status : Modified

Published: 2024-05-14T17:15:19.067

Modified: 2024-11-21T08:20:01.767

Link: CVE-2023-40720

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-639

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40720", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-08-21T09:03:44.316Z", "datePublished": "2024-05-14T16:19:12.993Z", "dateUpdated": "2024-08-02T18:38:51.211Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiVoice", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.1", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.8", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.12", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-05-14T16:19:12.993Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-282", "url": "https://fortiguard.com/psirt/FG-IR-23-282"}]}, "adp": [{"affected": [{"vendor": "fortinet", "product": "fortivoice", "cpes": ["cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.4.0", "status": "affected", "lessThanOrEqual": "6.4.8", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortivoice", "cpes": ["cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.0.0", "status": "affected", "lessThan": "6.1.0", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortivoice", "cpes": ["cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-14T18:45:02.788040Z", "id": "CVE-2023-40720", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T20:43:50.771Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:51.211Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-282", "url": "https://fortiguard.com/psirt/FG-IR-23-282", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40720", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-08-21T09:03:44.316Z", "datePublished": "2024-05-14T16:19:12.993Z", "dateUpdated": "2024-06-05T20:43:50.771Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiVoice", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.1", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.8", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.12", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-05-14T16:19:12.993Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-282", "url": "https://fortiguard.com/psirt/FG-IR-23-282"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40720", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T18:45:02.788040Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortivoice", "versions": [{"status": "affected", "version": "6.4.0", "versionType": "custom", "lessThanOrEqual": "6.4.8"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortivoice", "versions": [{"status": "affected", "version": "6.0.0", "lessThan": "6.1.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortivoice", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T19:29:30.379Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B44874-E530-40B9-92F5-03667CFB9F1C", "versionEndIncluding": "6.0.12", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FCE3488-2ABC-4608-91D4-8B25A9C180FA", "versionEndIncluding": "6.4.8", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB44AB41-E006-489F-9C49-2DFA73EF01B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "46ED919A-533A-4C6D-9042-B67A9E89FF29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests."}, {"lang": "es", "value": "Una omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una vulnerabilidad de clave controlada por el usuario [CWE-639] en FortiVoiceEntreprise versi\u00f3n 7.0.0 a 7.0.1 y anteriores a 6.4.8 permite a un atacante autenticado leer la configuraci\u00f3n SIP de otros usuarios a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas."}], "id": "CVE-2023-40720", "lastModified": "2024-11-21T08:20:01.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T17:15:19.067", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-282"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}