Lucene search

[email protected]NVD:CVE-2020-15936

HistoryMar 01, 2022 - 7:15 p.m.

CVE-2020-15936

2022-03-0119:15:08

CWE-20

[email protected]

web.nvd.nist.gov

cve-2020-15936

fortigate

input validation

sensitive information

sni

tls

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

Affected configurations

Nvd

Node

fortinetfortiosRange5.6.0–5.6.13

fortinetfortiosRange6.0.0–6.0.11

fortinetfortiosRange6.2.0–6.2.5

fortinetfortiosRange6.4.0–6.4.3

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::

References

fortiguard.com/advisory/FG-IR-20-091

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-15936

cve1 cvelist1 fortinet1 prion1