FortiVoice Path Traversal Vulnerability

FortiVoice is a VoIP gateway system used by some organizations to manage voice communications. This vulnerability allows an attacker to write arbitrary files on the system, potentially leading to escalation of privilege and unauthorized access.

Affected versions: 7.0.7, 7.2.2 If you don't recognise this software, you're probably not affected.

1. Upgrade to FortiVoice 7.0.8 or above from the official Fortinet website: https://support.fortinet.com/success-center/fortivoice
2. Immediate mitigations:
3. Restrict network access to your FortiVoice instance (firewall it from the public internet)
4. Audit admin account activity for suspicious access patterns
5. Monitor for unauthorized file creation

• Vendor Advisory