Lucene search

FortinetCVELIST:CVE-2020-15935

HistoryNov 02, 2021 - 7:00 p.m.

CVE-2020-15935

2021-11-0219:00:53

fortinet

www.cve.org

cve-2020-15935

cleartext storage

sensitive information

fortiadc

gui

remote authenticated attacker

ldap passwords

radius shared secret

deobfuscating passwords

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.

CNA Affected

[
  {
    "product": "Fortinet FortiADC",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiADC 5.4.3 6.0.0"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-20-044

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

Related for CVELIST:CVE-2020-15935