CVE-2020-15938 — Fortinet Fortios vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

CNA4.0

EPSS

0.4%

top 42.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortios

Timeline

PublishedMar 4

Latest updateMay 24

Description

When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortios6.4.0 — 6.4.2+1

▶CVEListV5fortinet/fortinet_fortiosFortiOS 6.4.2, 6.2.5

🔴Vulnerability Details

GHSA

GHSA-7rj5-2x5r-5j6v: When traffic other than HTTP/S (eg: SSH traffic, etc↗2022-05-24

▶

CVEList

CVE-2020-15938: When traffic other than HTTP/S (eg: SSH traffic, etc↗2021-03-04

▶

📋Vendor Advisories

Fortinet

When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2...↗2021-03-04

▶