CVE-2020-15936 — Improper Input Validation in Fortinet Fortios

CWE-20 — Improper Input Validation CWE-668 — Resource Exposure4 documents4 sources

Severity

4.5MEDIUMNVD

CNA2.6

EPSS

0.3%

top 43.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortios

Timeline

PublishedMar 1

Latest updateMar 2

Description

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortios5.6.0 — 5.6.13+3

▶CVEListV5fortinet/fortinet_fortiosFortiOS 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0

🔴Vulnerability Details

GHSA

GHSA-57m7-2g72-pv8m: A improper input validation in Fortinet FortiGate version 6↗2022-03-02

▶

CVEList

CVE-2020-15936: A improper input validation in Fortinet FortiGate version 6↗2022-03-01

▶

📋Vendor Advisories

Fortinet

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and b...↗2022-03-01

▶