CVE-2020-29010: Sensitive Information Exposure in Fortinet FortiOS

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.2% (top 61.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 17

Description

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and below may allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP address.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.1 | Impact: 1.4

Affected Packages (2 packages)

NVD | fortinet/fortios | 6.0.0 | 6.0.11 | +1
CVEListV5 | fortinet/fortios | 6.2.1 | 6.2.4 | +1

🔴 Vulnerability Details (2)

GHSA | GHSA-qh8m-89j4-42jf: An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6 | 2025-03-17
CVEList | CVE-2020-29010: An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6 | 2025-03-17

📋 Vendor Advisories (1)

Fortinet | An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version... | 2025-03-17
CVE-2020-29010 — Sensitive Information Exposure | cvebase