Lucene search

FortinetCVELIST:CVE-2020-6648

HistoryOct 21, 2020 - 2:05 p.m.

CVE-2020-6648

2020-10-2114:05:55

fortinet

www.cve.org

fortios

fortiproxy

vulnerability

authenticated attackers

sensitive information

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the “diag sys ha checksum show” command.

CNA Affected

[
  {
    "product": "FortiGate and FortiProxy",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."
      }
    ]
  }
]

References

www.fortiguard.com/psirt/FG-IR-20-009

www.fortiguard.com/psirt/FG-IR-20-236

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVELIST:CVE-2020-6648