IDOR over SIP configuration file

Summary

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoice Enterprise may allow an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
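
Added illustration of the bug class described above (not Fortinet's code; the handler names, the /sip/config path, the key=value log format and the user ids are assumptions): the CWE-639 handler shape that trusts a request-supplied user key, beside the same lookup with an object-level authorization check, plus a log review that flags successful cross-user SIP configuration reads.

```python
# Constructed sample store: user id -> SIP configuration (placeholder values).
SIP_STORE = {
    "1001": {"sip_user": "1001", "sip_secret": "placeholder-1001", "server": "pbx.example.invalid"},
    "1002": {"sip_user": "1002", "sip_secret": "placeholder-1002", "server": "pbx.example.invalid"},
}

class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested object."""

def get_sip_config_vulnerable(session_user, requested_user):
    """Vulnerable shape (CWE-639): the lookup key comes straight from the
    request and is never compared with the authenticated identity."""
    return SIP_STORE.get(requested_user)  # session_user is ignored: that is the bug

def get_sip_config_fixed(session_user, requested_user, is_admin=False):
    """Fixed shape: object-level authorization before the lookup; only the
    owner (or an administrator) may read a given SIP configuration."""
    if requested_user != session_user and not is_admin:
        raise Forbidden(f"{session_user} may not read SIP config of {requested_user}")
    return SIP_STORE.get(requested_user)

def read_denied(session_user, requested_user):
    """True when the fixed handler refuses the read."""
    try:
        get_sip_config_fixed(session_user, requested_user)
    except Forbidden:
        return True
    return False

def cross_user_sip_reads(log_lines):
    """Detection: flag successful SIP-config reads where the authenticated
    user and the targeted user differ. The key=value log format is
    constructed for this example, not FortiVoice's own."""
    hits = []
    for line in log_lines:
        f = dict(kv.split("=", 1) for kv in line.split())
        if (f.get("path", "").startswith("/sip/config")
                and f.get("status") == "200"
                and f.get("auth_user") != f.get("target_user")):
            hits.append((f["auth_user"], f["target_user"]))
    return hits

# Constructed sample log lines (hypothetical format).
SAMPLE_LOG = [
    "ts=1 auth_user=1001 target_user=1001 path=/sip/config status=200",
    "ts=2 auth_user=1001 target_user=1002 path=/sip/config status=200",
    "ts=3 auth_user=1002 target_user=1001 path=/sip/config status=403",
]
```

On a fixed build the second sample line should never appear with status 200; its presence in pre-upgrade logs is the indicator worth reviewing.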

Version         Affected             Solution
FortiVoice 7.0  7.0.0 through 7.0.1  Upgrade to 7.0.2 or above
FortiVoice 6.4  6.4.0 through 6.4.8  Upgrade to 6.4.9 or above
FortiVoice 6.0  6.0 all versions     Migrate to a fixed release

Acknowledgement

Internally discovered and reported by Hritik Sateesh from Fortinet's Burnaby Infosec team.

Timeline

2024-05-14: Initial publication