CVE-2020-15935

CWE-312Cleartext Storage of Sensitive Info4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 77.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiadcFortinet Fortinet Fortiadc
Timeline
PublishedNov 2
Latest updateMay 24

Description

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDfortinet/fortiadc5.0.05.4.3+1
CVEListV5fortinet/fortinet_fortiadcFortiADC 5.4.3 6.0.0

🔴Vulnerability Details

2
GHSA
GHSA-j26f-vqgh-5h66: A cleartext storage of sensitive information in GUI in FortiADC versions 52022-05-24
CVEList
CVE-2020-15935: A cleartext storage of sensitive information in GUI in FortiADC versions 52021-11-02

📋Vendor Advisories

1
Fortinet
A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a re...2021-11-02
CVE-2020-15935 (MEDIUM CVSS 4.3) | A cleartext storage of sensitive in | cvebase.io