Lucene search
FortinetCVELIST:CVE-2020-15938HistoryMar 04, 2021 - 5:28 p.m.
CVE-2020-15938
2021-03-0417:28:59
fortinet
www.cve.org
5
fortigate
redirecting traffic
non-http
port 80
port 443
transparent proxy
CVSS3
4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS
0.001
Percentile
35.9%
When traffic other than HTTP/S (eg: SSH traffic, etc…) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn’t have a valid HTTP header.
CNA Affected
[
{
"product": "Fortinet FortiOS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiOS 6.4.2, 6.2.5"
}
]
}
]References
Related
fortinet
fortinet
Protect
2021-01-21 00:00:00
prion
prion
Design/Logic Flaw
2021-03-04 18:15:00
nessus
nessus
Fortinet FortiOS <= 6.2.5 / 6.4 <= 6.4.2 Traffic Bypass (FG-IR-20-172)
2021-03-11 00:00:00
cve
cve
CVE-2020-15938
2021-03-04 18:15:12
nvd
nvd
CVE-2020-15938
2021-03-04 18:15:12
CVSS3
4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS
0.001
Percentile
35.9%
Related for CVELIST:CVE-2020-15938