ID

VAR-202006-1684


CVE

CVE-2020-6644


TITLE

Session expiration vulnerability in FortiDeceptor

Trust: 0.8

sources: JVNDB: JVNDB-2020-007087

DESCRIPTION

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. FortiDeceptor contains a session expiration vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats through deception techniques. There is a security vulnerability in Fortinet FortiDeceptor 3.0.0 and earlier versions. The vulnerability is caused by the session ID not expiring after the user logs out of the program.

Trust: 1.8

sources: NVD: CVE-2020-6644 // JVNDB: JVNDB-2020-007087 // VULHUB: VHN-184769 // VULMON: CVE-2020-6644

AFFECTED PRODUCTS

vendor: fortinet, model: fortideceptor, scope: lte, version: 3.0.0

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: eq, version: 3.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007087 // NVD: CVE-2020-6644

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6644
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007087
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1542
value: HIGH

Trust: 0.6

VULHUB: VHN-184769
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-6644
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6644
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007087
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184769
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6644
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007087
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184769 // VULMON: CVE-2020-6644 // JVNDB: JVNDB-2020-007087 // CNNVD: CNNVD-202006-1542 // NVD: CVE-2020-6644

PROBLEMTYPE DATA

problemtype:CWE-613

Trust: 1.9

sources: VULHUB: VHN-184769 // JVNDB: JVNDB-2020-007087 // NVD: CVE-2020-6644

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1542

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1542

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007087

PATCH

title: FG-IR-20-006
url: https://fortiguard.com/advisory/FG-IR-20-006

Trust: 0.8

title: Fortinet FortiDeceptor Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122766

Trust: 0.6

sources: JVNDB: JVNDB-2020-007087 // CNNVD: CNNVD-202006-1542

EXTERNAL IDS

db: NVD, id: CVE-2020-6644

Trust: 2.6

db: JVNDB, id: JVNDB-2020-007087

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1542

Trust: 0.7

db: NSFOCUS, id: 46971

Trust: 0.6

db: AUSCERT, id: ESB-2020.2169

Trust: 0.6

db: VULHUB, id: VHN-184769

Trust: 0.1

db: VULMON, id: CVE-2020-6644

Trust: 0.1

sources: VULHUB: VHN-184769 // VULMON: CVE-2020-6644 // JVNDB: JVNDB-2020-007087 // CNNVD: CNNVD-202006-1542 // NVD: CVE-2020-6644

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-006

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-6644

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6644

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46971

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2169/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/613.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/183784

Trust: 0.1

sources: VULHUB: VHN-184769 // VULMON: CVE-2020-6644 // JVNDB: JVNDB-2020-007087 // CNNVD: CNNVD-202006-1542 // NVD: CVE-2020-6644

SOURCES

db: VULHUB, id: VHN-184769
db: VULMON, id: CVE-2020-6644
db: JVNDB, id: JVNDB-2020-007087
db: CNNVD, id: CNNVD-202006-1542
db: NVD, id: CVE-2020-6644

LAST UPDATE DATE

2024-08-14T14:44:48.192000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184769, date: 2020-06-29T00:00:00
db: VULMON, id: CVE-2020-6644, date: 2020-06-29T00:00:00
db: JVNDB, id: JVNDB-2020-007087, date: 2020-07-30T00:00:00
db: CNNVD, id: CNNVD-202006-1542, date: 2020-06-30T00:00:00
db: NVD, id: CVE-2020-6644, date: 2020-06-29T01:20:04.167

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184769, date: 2020-06-22T00:00:00
db: VULMON, id: CVE-2020-6644, date: 2020-06-22T00:00:00
db: JVNDB, id: JVNDB-2020-007087, date: 2020-07-30T00:00:00
db: CNNVD, id: CNNVD-202006-1542, date: 2020-06-22T00:00:00
db: NVD, id: CVE-2020-6644, date: 2020-06-22T16:15:12.057