Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for FortiGate and FortiProxy by Fortinet

    CVE-2020-6648 (GCVE-0-2020-6648)

    Vulnerability from nvd – Published: 2020-10-21 14:05 – Updated: 2024-10-25 14:24
    VLAI
    Summary
    A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiGate and FortiProxy Affected: FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:04.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-6648",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T20:09:40.110577Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:24:11.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiGate and FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-11T20:09:26.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2020-6648",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiGate and FortiProxy",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "availabilityImpact": "None",
                "baseScore": 5.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "userInteraction": "None",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.fortiguard.com/psirt/FG-IR-20-009",
                  "refsource": "CONFIRM",
                  "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
                },
                {
                  "name": "https://www.fortiguard.com/psirt/FG-IR-20-236",
                  "refsource": "CONFIRM",
                  "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2020-6648",
        "datePublished": "2020-10-21T14:05:55.000Z",
        "dateReserved": "2020-01-09T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:24:11.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6648 (GCVE-0-2020-6648)

    Vulnerability from cvelistv5 – Published: 2020-10-21 14:05 – Updated: 2024-10-25 14:24
    VLAI
    Summary
    A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiGate and FortiProxy Affected: FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:11:04.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-6648",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T20:09:40.110577Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:24:11.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FortiGate and FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-11T20:09:26.000Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@fortinet.com",
              "ID": "CVE-2020-6648",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FortiGate and FortiProxy",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fortinet"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "availabilityImpact": "None",
                "baseScore": 5.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "userInteraction": "None",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.fortiguard.com/psirt/FG-IR-20-009",
                  "refsource": "CONFIRM",
                  "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
                },
                {
                  "name": "https://www.fortiguard.com/psirt/FG-IR-20-236",
                  "refsource": "CONFIRM",
                  "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2020-6648",
        "datePublished": "2020-10-21T14:05:55.000Z",
        "dateReserved": "2020-01-09T00:00:00.000Z",
        "dateUpdated": "2024-10-25T14:24:11.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }