ID

VAR-202501-2233


CVE

CVE-2023-37931


DESCRIPTION

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability [CWE-88] in FortiVoice Enterprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind SQL injection attack by sending crafted HTTP or HTTPS requests.

Trust: 1.0

sources: NVD: CVE-2023-37931

AFFECTED PRODUCTS

vendor: fortinet, model: fortivoice, scope: lt, version: 7.0.2

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: lt, version: 6.4.9

Trust: 1.0

sources: NVD: CVE-2023-37931

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2023-37931
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2023-37931
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-37931

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

sources: NVD: CVE-2023-37931

EXTERNAL IDS

db: NVD, id: CVE-2023-37931

Trust: 1.0

sources: NVD: CVE-2023-37931

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-220

Trust: 1.0

sources: NVD: CVE-2023-37931

SOURCES

db: NVD, id: CVE-2023-37931

LAST UPDATE DATE

2025-07-23T23:26:01.129000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2023-37931, date: 2025-07-22T21:25:52.813

SOURCES RELEASE DATE

db: NVD, id: CVE-2023-37931, date: 2025-01-14T14:15:26.623