### [CVE-2020-9294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9294)
![](https://img.shields.io/static/v1?label=Product&message=FortiMail&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FortiVoiceEnterprise&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.4.10%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.7%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.2.2%20and%20earlier%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control&color=brightgreen)

### Description

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/zhanpengliu-tencent/medium-cve