ID

VAR-202106-0693


CVE

CVE-2020-6641


TITLE

Fortinet FortiPresence Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-016850

DESCRIPTION

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. Fortinet FortiPresence contains an improper authentication vulnerability. Information may be obtained. A security vulnerability exists in the management interface of Fortinet FortiPresence 2.1.0 and earlier.

Trust: 1.71

sources: NVD: CVE-2020-6641 // JVNDB: JVNDB-2020-016850 // VULHUB: VHN-184766

AFFECTED PRODUCTS

vendor: fortinet, model: fortipresence, scope: lt, version: 20.1

Trust: 1.0

vendor: フォーティネット, model: fortipresence, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortipresence, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-016850 // NVD: CVE-2020-6641

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6641
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2020-6641
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-6641
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-777
value: MEDIUM

Trust: 0.6

VULHUB: VHN-184766
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6641
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-184766
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6641
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-016850
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184766 // JVNDB: JVNDB-2020-016850 // CNNVD: CNNVD-202003-777 // NVD: CVE-2020-6641 // NVD: CVE-2020-6641

PROBLEMTYPE DATA

problemtype: CWE-639

Trust: 1.1

problemtype: Bad authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

problemtype: CWE-863

Trust: 0.1

sources: VULHUB: VHN-184766 // JVNDB: JVNDB-2020-016850 // NVD: CVE-2020-6641

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-777

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-777

PATCH

title: FG-IR-19-258, url: https://fortiguard.com/advisory/FG-IR-19-258

Trust: 0.8

title: FortiPresence administration interface Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111912

Trust: 0.6

sources: JVNDB: JVNDB-2020-016850 // CNNVD: CNNVD-202003-777

EXTERNAL IDS

db: NVD, id: CVE-2020-6641

Trust: 3.3

db: JVNDB, id: JVNDB-2020-016850

Trust: 0.8

db: CNNVD, id: CNNVD-202003-777

Trust: 0.7

db: AUSCERT, id: ESB-2020.0904

Trust: 0.6

db: VULHUB, id: VHN-184766

Trust: 0.1

sources: VULHUB: VHN-184766 // JVNDB: JVNDB-2020-016850 // CNNVD: CNNVD-202003-777 // NVD: CVE-2020-6641

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-19-258

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-6641

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0904/

Trust: 0.6

sources: VULHUB: VHN-184766 // JVNDB: JVNDB-2020-016850 // CNNVD: CNNVD-202003-777 // NVD: CVE-2020-6641

SOURCES

db: VULHUB, id: VHN-184766
db: JVNDB, id: JVNDB-2020-016850
db: CNNVD, id: CNNVD-202003-777
db: NVD, id: CVE-2020-6641

LAST UPDATE DATE

2024-08-14T14:44:24.429000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184766, date: 2022-05-03T00:00:00
db: JVNDB, id: JVNDB-2020-016850, date: 2022-02-17T06:42:00
db: CNNVD, id: CNNVD-202003-777, date: 2022-05-05T00:00:00
db: NVD, id: CVE-2020-6641, date: 2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184766, date: 2021-06-02T00:00:00
db: JVNDB, id: JVNDB-2020-016850, date: 2022-02-17T00:00:00
db: CNNVD, id: CNNVD-202003-777, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2020-6641, date: 2021-06-02T11:15:07.957