Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-311.050420: TT-CSIRT ADVISORY – AUTHENTICATION BYPASS IN FORTIMAIL AND FORTIVOICE ENTERPRISE

TTCSIRT-311.050420: TT-CSIRT ADVISORY – AUTHENTICATION BYPASS IN FORTIMAIL AND FORTIVOICE ENTERPRISE

An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

As a result, this can lead to Improper Access Control.

Products Affected:

FortiMail versions 5.4.10 and below.
FortiMail versions 6.0.7 and below.
FortiMail versions 6.2.2 and below.

FortiVoiceEntreprise versions 6.0.1 and below.

FortiMail versions 5.3 and lower are not impacted by this vulnerability.
FortiVoiceEnterprise versions 5.3 and lower are not impacted by this vulnerability.

FortiMail Cloud has been upgraded to non-impacted versions.

Solutions:

Please upgrade to FortiMail version 5.4.11 or above.
Please upgrade to FortiMail version 6.0.8 or above.
Please upgrade to FortiMail version 6.2.3 or above.

Please upgrade to FortiVoiceEntreprise version 6.0.2 or above.

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) encourages users and administrators to review and apply the necessary updates.

0 May 4, 2020
Security Advisories
Language
April 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930  

Abercromby Street, Port of Spain, Trinidad and Tobago, W.I.

contacts@ttcsirt.gov.tt

+1 868 623 5439

©  2024 TT-CSIRT: Trinidad and Tobago Cyber Security Incident Response Team. Built using WordPress and the Materialis Theme