CVE-2023-40720 - Vulnerability Details - OpenCVE

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Fortivoice

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice:7.0.0:::::::*
	cpe:2.3:a:fortinet:fortivoice:7.0.1:::::::*

No data.

References

Link	Providers
https://www.spirityenterprise.com/virtual-ciso
https://fortiguard.com/psirt/FG-IR-23-282

History

No history.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-05-14T16:19:12.993Z

Updated: 2024-08-02T18:38:51.211Z

Reserved: 2023-08-21T09:03:44.316Z

Link: CVE-2023-40720

Vulnrichment

Updated: 2024-05-14T19:29:30.379Z

NVD

Status : Modified

Published: 2024-05-14T17:15:19.067

Modified: 2024-11-21T08:20:01.767

Link: CVE-2023-40720

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40720", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-08-21T09:03:44.316Z", "datePublished": "2024-05-14T16:19:12.993Z", "dateUpdated": "2024-08-02T18:38:51.211Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiVoice", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.1", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.8", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.12", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-05-14T16:19:12.993Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-282", "url": "https://fortiguard.com/psirt/FG-IR-23-282"}]}, "adp": [{"affected": [{"vendor": "fortinet", "product": "fortivoice", "cpes": ["cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.4.0", "status": "affected", "lessThanOrEqual": "6.4.8", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortivoice", "cpes": ["cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.0.0", "status": "affected", "lessThan": "6.1.0", "versionType": "custom"}]}, {"vendor": "fortinet", "product": "fortivoice", "cpes": ["cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.0.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-14T18:45:02.788040Z", "id": "CVE-2023-40720", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T20:43:50.771Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:51.211Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-282", "url": "https://fortiguard.com/psirt/FG-IR-23-282", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40720", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-08-21T09:03:44.316Z", "datePublished": "2024-05-14T16:19:12.993Z", "dateUpdated": "2024-06-05T20:43:50.771Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiVoice", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.1", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.8", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.12", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-05-14T16:19:12.993Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-282", "url": "https://fortiguard.com/psirt/FG-IR-23-282"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40720", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T18:45:02.788040Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortivoice", "versions": [{"status": "affected", "version": "6.4.0", "versionType": "custom", "lessThanOrEqual": "6.4.8"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortivoice", "versions": [{"status": "affected", "version": "6.0.0", "lessThan": "6.1.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortivoice", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "custom", "lessThanOrEqual": "7.0.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T19:29:30.379Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B44874-E530-40B9-92F5-03667CFB9F1C", "versionEndIncluding": "6.0.12", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FCE3488-2ABC-4608-91D4-8B25A9C180FA", "versionEndIncluding": "6.4.8", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB44AB41-E006-489F-9C49-2DFA73EF01B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "46ED919A-533A-4C6D-9042-B67A9E89FF29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests."}, {"lang": "es", "value": "Una omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una vulnerabilidad de clave controlada por el usuario [CWE-639] en FortiVoiceEntreprise versi\u00f3n 7.0.0 a 7.0.1 y anteriores a 6.4.8 permite a un atacante autenticado leer la configuraci\u00f3n SIP de otros usuarios a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas."}], "id": "CVE-2023-40720", "lastModified": "2024-11-21T08:20:01.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T17:15:19.067", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-282"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}