FortiVoice is a VoIP phone system used by some organizations for voice communications. This vulnerability allows an authenticated privileged attacker to execute unauthorized code or commands via crafted requests, potentially leading to unauthorized access to sensitive data.
You're affected if you use An improper neutralization of special elements used. Affected versions: 7.0.7, 7.2.2 If you don't recognise this software, you're probably not affected.
Upgrade to FortiVoice 7.2.3 or above from the official Fortinet website: https://support.fortinet.com/solutions/700000000001
- For immediate mitigations:
- Restrict network access to your FortiVoice instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation