Details of VAR-202106-0693

ID

VAR-202106-0693

CVE

CVE-2020-6641

TITLE

Fortinet FortiPresence Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-016850

DESCRIPTION

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. Fortinet FortiPresence Contains an improper authentication vulnerability.Information may be obtained. A security vulnerability exists in the management interface of Fortinet FortiPresence 2.1.0 and earlier

Trust: 1.71

sources: NVD: CVE-2020-6641 // JVNDB: JVNDB-2020-016850 // VULHUB: VHN-184766

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortipresence	scope:	lt	version:	20.1	Trust: 1.0
vendor:	フォーティネット	model:	fortipresence	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortipresence	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-016850 // NVD: CVE-2020-6641

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6641
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2020-6641
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-6641
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202003-777
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-184766
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-6641
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-184766
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-6641
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-016850
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-184766 // JVNDB: JVNDB-2020-016850 // CNNVD: CNNVD-202003-777 // NVD: CVE-2020-6641 // NVD: CVE-2020-6641

PROBLEMTYPE DATA

problemtype:	CWE-639	Trust: 1.1
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-184766 // JVNDB: JVNDB-2020-016850 // NVD: CVE-2020-6641

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-777

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-777

PATCH

title:	FG-IR-19-258	url:	https://fortiguard.com/advisory/FG-IR-19-258	Trust: 0.8
title:	FortiPresence administration interface Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111912	Trust: 0.6

sources: JVNDB: JVNDB-2020-016850 // CNNVD: CNNVD-202003-777

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6641	Trust: 3.3
db:	JVNDB	id:	JVNDB-2020-016850	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-777	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0904	Trust: 0.6
db:	VULHUB	id:	VHN-184766	Trust: 0.1

sources: VULHUB: VHN-184766 // JVNDB: JVNDB-2020-016850 // CNNVD: CNNVD-202003-777 // NVD: CVE-2020-6641

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-19-258	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6641	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0904/	Trust: 0.6

sources: VULHUB: VHN-184766 // JVNDB: JVNDB-2020-016850 // CNNVD: CNNVD-202003-777 // NVD: CVE-2020-6641

SOURCES

db:	VULHUB	id:	VHN-184766
db:	JVNDB	id:	JVNDB-2020-016850
db:	CNNVD	id:	CNNVD-202003-777
db:	NVD	id:	CVE-2020-6641

LAST UPDATE DATE

2024-08-14T14:44:24.429000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-184766	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-016850	date:	2022-02-17T06:42:00
db:	CNNVD	id:	CNNVD-202003-777	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2020-6641	date:	2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-184766	date:	2021-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-016850	date:	2022-02-17T00:00:00
db:	CNNVD	id:	CNNVD-202003-777	date:	2020-03-12T00:00:00
db:	NVD	id:	CVE-2020-6641	date:	2021-06-02T11:15:07.957