IDOR over SIP configuration file

Fortiguard Security Advisory

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise may allow an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.


Leave a Reply

Your email address will not be published. Required fields are marked *