Fortinet FortiNDR and FortiVoice Unauthorized Backup File Access Vulnerability

A vulnerability allowing unauthorized access to backup information has been identified in Fortinet FortiNDR versions 7.6.0, 7.4.0 through 7.4.8, 7.2 (all versions), 7.1 (all versions), and 7.0 (all versions), as well as FortiVoice versions 7.0.0 through 7.0.1. This vulnerability allows remote authenticated attackers with at least read-only permission on system maintenance to access sensitive information via crafted HTTP requests.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive backup information.

Remediation

Users of Fortinet FortiNDR should upgrade to FortiNDR 7.6.1, FortiNDR 7.4.9, or migrate to a fixed release for FortiNDR 7.2, 7.1, or 7.0. Fortinet FortiVoice users should upgrade to FortiVoice 7.0.2 or above.