Sign-up

ID

VAR-202006-1684


CVE

CVE-2020-6644


TITLE

FortiDeceptor Session deadline vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007087

DESCRIPTION

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. FortiDeceptor Exists in a session deadline vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats, etc. through deception techniques. There is a security vulnerability in Fortinet FortiDeceptor 3.0.0 and earlier versions. The vulnerability is caused by the fact that the session ID does not expire after the program is logged out

Trust: 1.8

sources: NVD: CVE-2020-6644 // JVNDB: JVNDB-2020-007087 // VULHUB: VHN-184769 // VULMON: CVE-2020-6644

AFFECTED PRODUCTS

vendor:fortinetmodel:fortideceptorscope:lteversion:3.0.0

Trust: 1.0

vendor:fortinetmodel:fortideceptorscope:eqversion:3.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007087 // NVD: CVE-2020-6644

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6644
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007087
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1542
value: HIGH

Trust: 0.6

VULHUB: VHN-184769
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-6644
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6644
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007087
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184769
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6644
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007087
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184769 // VULMON: CVE-2020-6644 // JVNDB: JVNDB-2020-007087 // CNNVD: CNNVD-202006-1542 // NVD: CVE-2020-6644

PROBLEMTYPE DATA

problemtype:CWE-613

Trust: 1.9

sources: VULHUB: VHN-184769 // JVNDB: JVNDB-2020-007087 // NVD: CVE-2020-6644

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1542

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1542

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007087

PATCH
title:FG-IR-20-006url:https://fortiguard.com/advisory/FG-IR-20-006
Trust: 0.8
title:Fortinet FortiDeceptor Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122766
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-007087 // 
            
            
            
            CNNVD: CNNVD-202006-1542

EXTERNAL IDS
db:NVDid:CVE-2020-6644
Trust: 2.6
db:JVNDBid:JVNDB-2020-007087
Trust: 0.8
db:CNNVDid:CNNVD-202006-1542
Trust: 0.7
db:NSFOCUSid:46971
Trust: 0.6
db:AUSCERTid:ESB-2020.2169
Trust: 0.6
db:VULHUBid:VHN-184769
Trust: 0.1
db:VULMONid:CVE-2020-6644
Trust: 0.1
sources:
            
            
            VULHUB: VHN-184769 // 
            
            
            
            VULMON: CVE-2020-6644 // 
            
            
            
            JVNDB: JVNDB-2020-007087 // 
            
            
            
            CNNVD: CNNVD-202006-1542 // 
            
            
            
            NVD: CVE-2020-6644

REFERENCES
url:https://fortiguard.com/advisory/fg-ir-20-006
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-6644
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6644
Trust: 0.8
url:http://www.nsfocus.net/vulndb/46971
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2169/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/613.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/183784
Trust: 0.1
sources:
            
            
            VULHUB: VHN-184769 // 
            
            
            
            VULMON: CVE-2020-6644 // 
            
            
            
            JVNDB: JVNDB-2020-007087 // 
            
            
            
            CNNVD: CNNVD-202006-1542 // 
            
            
            
            NVD: CVE-2020-6644

SOURCES
db:VULHUBid:VHN-184769
db:VULMONid:CVE-2020-6644
db:JVNDBid:JVNDB-2020-007087
db:CNNVDid:CNNVD-202006-1542
db:NVDid:CVE-2020-6644

LAST UPDATE DATE
2024-08-14T14:44:48.192000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-184769date:2020-06-29T00:00:00
db:VULMONid:CVE-2020-6644date:2020-06-29T00:00:00
db:JVNDBid:JVNDB-2020-007087date:2020-07-30T00:00:00
db:CNNVDid:CNNVD-202006-1542date:2020-06-30T00:00:00
db:NVDid:CVE-2020-6644date:2020-06-29T01:20:04.167

SOURCES RELEASE DATE
db:VULHUBid:VHN-184769date:2020-06-22T00:00:00
db:VULMONid:CVE-2020-6644date:2020-06-22T00:00:00
db:JVNDBid:JVNDB-2020-007087date:2020-07-30T00:00:00
db:CNNVDid:CNNVD-202006-1542date:2020-06-22T00:00:00
db:NVDid:CVE-2020-6644date:2020-06-22T16:15:12.057