ID

VAR-202203-1450


CVE

CVE-2020-15936


TITLE

Input validation vulnerability in Fortinet FortiGate

Trust: 0.8

sources: JVNDB: JVNDB-2022-006845

DESCRIPTION

An improper input validation vulnerability in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, and version 5.6.13 and below allows an attacker to disclose sensitive information via SNI Client Hello TLS packets. There is an input validation vulnerability in Fortinet FortiGate. Information may be obtained. Fortinet FortiGate is a next-generation firewall product developed by Fortinet.

Trust: 1.71

sources: NVD: CVE-2020-15936 // JVNDB: JVNDB-2022-006845 // VULHUB: VHN-168964

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 6.2.5

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 6.4.3

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 5.6.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 5.6.13

Trust: 1.0

vendor: Fortinet, model: fortios, scope: lte, version: 6.0.11 and earlier

Trust: 0.8

vendor: Fortinet, model: fortios, scope: lte, version: 5.6.13 and earlier

Trust: 0.8

vendor: Fortinet, model: fortios, scope: lte, version: 6.2.5 and earlier

Trust: 0.8

vendor: Fortinet, model: fortios, scope: lte, version: 6.4.3 and earlier

Trust: 0.8

vendor: Fortinet, model: fortios, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-006845 // NVD: CVE-2020-15936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15936
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2020-15936
value: LOW

Trust: 1.0

NVD: CVE-2020-15936
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202203-028
value: MEDIUM

Trust: 0.6

VULHUB: VHN-168964
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-15936
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-168964
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-15936
baseSeverity: MEDIUM
baseScore: 4.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2020-15936
baseSeverity: LOW
baseScore: 2.6
vectorString: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-15936
baseSeverity: MEDIUM
baseScore: 4.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-168964 // JVNDB: JVNDB-2022-006845 // CNNVD: CNNVD-202203-028 // NVD: CVE-2020-15936 // NVD: CVE-2020-15936

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

problemtype:CWE-668

Trust: 0.1

sources: VULHUB: VHN-168964 // JVNDB: JVNDB-2022-006845 // NVD: CVE-2020-15936

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202203-028

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202203-028

PATCH

title: FG-IR-20-091, url: https://fortiguard.com/advisory/FG-IR-20-091

Trust: 0.8

title: Fortinet FortiGate Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184268

Trust: 0.6

sources: JVNDB: JVNDB-2022-006845 // CNNVD: CNNVD-202203-028

EXTERNAL IDS

db: NVD, id: CVE-2020-15936

Trust: 3.3

db: JVNDB, id: JVNDB-2022-006845

Trust: 0.8

db: AUSCERT, id: ESB-2022.0861

Trust: 0.6

db: CS-HELP, id: SB2022030124

Trust: 0.6

db: CNNVD, id: CNNVD-202203-028

Trust: 0.6

db: CNVD, id: CNVD-2022-50954

Trust: 0.1

db: VULHUB, id: VHN-168964

Trust: 0.1

sources: VULHUB: VHN-168964 // JVNDB: JVNDB-2022-006845 // CNNVD: CNNVD-202203-028 // NVD: CVE-2020-15936

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-091

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-15936

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.0861

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2020-15936/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030124

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortios-information-disclosure-via-sni-client-hello-tls-packets-37681

Trust: 0.6

sources: VULHUB: VHN-168964 // JVNDB: JVNDB-2022-006845 // CNNVD: CNNVD-202203-028 // NVD: CVE-2020-15936

SOURCES

db: VULHUB, id: VHN-168964
db: JVNDB, id: JVNDB-2022-006845
db: CNNVD, id: CNNVD-202203-028
db: NVD, id: CVE-2020-15936

LAST UPDATE DATE

2024-08-14T13:22:35.600000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-168964, date: 2022-07-12T00:00:00
db: JVNDB, id: JVNDB-2022-006845, date: 2023-07-10T07:27:00
db: CNNVD, id: CNNVD-202203-028, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2020-15936, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-168964, date: 2022-03-01T00:00:00
db: JVNDB, id: JVNDB-2022-006845, date: 2023-07-10T00:00:00
db: CNNVD, id: CNNVD-202203-028, date: 2022-03-01T00:00:00
db: NVD, id: CVE-2020-15936, date: 2022-03-01T19:15:08.097