ID

VAR-202010-1344


CVE

CVE-2020-6648


TITLE

FortiOS and FortiProxy vulnerability in plaintext storage of important information

Trust: 0.8

sources: JVNDB: JVNDB-2020-012605

DESCRIPTION

A cleartext storage of sensitive information vulnerability in the FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users' passwords by connecting to the FortiGate CLI and executing the "diag sys ha checksum show" command. FortiOS and FortiProxy contain a vulnerability in the plaintext storage of important information. Information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, web content filtering and anti-spam. There is a security vulnerability in FortiOS 6.2.4 and earlier versions.

Trust: 1.8

sources: NVD: CVE-2020-6648 // JVNDB: JVNDB-2020-012605 // VULHUB: VHN-184773 // VULMON: CVE-2020-6648

AFFECTED PRODUCTS

vendor: fortinet // model: fortios // scope: gte // version: 6.2.0

Trust: 1.0

vendor: fortinet // model: fortios // scope: lt // version: 6.0.12

Trust: 1.0

vendor: fortinet // model: fortios // scope: lt // version: 6.2.5

Trust: 1.0

vendor: fortinet // model: fortiproxy // scope: eq // version: 2.0.0

Trust: 1.0

vendor: fortinet // model: fortiproxy // scope: lt // version: 1.2.10

Trust: 1.0

vendor: フォーティネット // model: fortios // scope: eq // version: -

Trust: 0.8

vendor: フォーティネット // model: fortios // scope: lte // version: 6.2.4 and earlier

Trust: 0.8

vendor: フォーティネット // model: fortios // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012605 // NVD: CVE-2020-6648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6648
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2020-6648
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-6648
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-1124
value: MEDIUM

Trust: 0.6

VULHUB: VHN-184773
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-6648
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6648
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-184773
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6648
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2020-6648
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-6648
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184773 // VULMON: CVE-2020-6648 // JVNDB: JVNDB-2020-012605 // CNNVD: CNNVD-202010-1124 // NVD: CVE-2020-6648 // NVD: CVE-2020-6648

PROBLEMTYPE DATA

problemtype: CWE-312

Trust: 1.1

problemtype: Plaintext storage of important information (CWE-312) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-184773 // JVNDB: JVNDB-2020-012605 // NVD: CVE-2020-6648

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1124

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1124

PATCH

title: FG-IR-20-236 FortiGuard PSIRT Advisory // url: https://www.fortiguard.com/psirt/FG-IR-20-236

Trust: 0.8

sources: JVNDB: JVNDB-2020-012605

EXTERNAL IDS

db: NVD // id: CVE-2020-6648

Trust: 2.6

db: JVNDB // id: JVNDB-2020-012605

Trust: 0.8

db: CNNVD // id: CNNVD-202010-1124

Trust: 0.7

db: AUSCERT // id: ESB-2021.0775

Trust: 0.6

db: AUSCERT // id: ESB-2020.3787

Trust: 0.6

db: CNVD // id: CNVD-2020-62939

Trust: 0.1

db: VULHUB // id: VHN-184773

Trust: 0.1

db: VULMON // id: CVE-2020-6648

Trust: 0.1

sources: VULHUB: VHN-184773 // VULMON: CVE-2020-6648 // JVNDB: JVNDB-2020-012605 // CNNVD: CNNVD-202010-1124 // NVD: CVE-2020-6648

REFERENCES

url:https://www.fortiguard.com/psirt/fg-ir-20-009

Trust: 1.8

url:https://www.fortiguard.com/psirt/fg-ir-20-236

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-6648

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3787/

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortios-information-disclosure-via-diag-sys-ha-checksum-show-33699

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0775

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/312.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-184773 // VULMON: CVE-2020-6648 // JVNDB: JVNDB-2020-012605 // CNNVD: CNNVD-202010-1124 // NVD: CVE-2020-6648

SOURCES

db: VULHUB // id: VHN-184773
db: VULMON // id: CVE-2020-6648
db: JVNDB // id: JVNDB-2020-012605
db: CNNVD // id: CNNVD-202010-1124
db: NVD // id: CVE-2020-6648

LAST UPDATE DATE

2024-08-14T13:44:56.840000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-184773 // date: 2022-06-15T00:00:00
db: VULMON // id: CVE-2020-6648 // date: 2021-03-11T00:00:00
db: JVNDB // id: JVNDB-2020-012605 // date: 2021-05-14T08:26:00
db: CNNVD // id: CNNVD-202010-1124 // date: 2021-03-15T00:00:00
db: NVD // id: CVE-2020-6648 // date: 2022-06-15T03:18:32.193

SOURCES RELEASE DATE

db: VULHUB // id: VHN-184773 // date: 2020-10-21T00:00:00
db: VULMON // id: CVE-2020-6648 // date: 2020-10-21T00:00:00
db: JVNDB // id: JVNDB-2020-012605 // date: 2021-05-14T00:00:00
db: CNNVD // id: CNNVD-202010-1124 // date: 2020-10-21T00:00:00
db: NVD // id: CVE-2020-6648 // date: 2020-10-21T14:15:20.387