Vulnerability-Lookup

CVE-2020-6648 (GCVE-0-2020-6648)

Vulnerability from cvelistv5 – Published: 2020-10-21 14:05 – Updated: 2024-10-25 14:24

Summary

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Information disclosure

Assigner

fortinet

References

URL

Tags

	https://www.fortiguard.com/psirt/FG-IR-20-009	x_refsource_CONFIRM
	https://www.fortiguard.com/psirt/FG-IR-20-236	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet	FortiGate and FortiProxy	Affected: FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:04.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-6648",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:09:40.110577Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:24:11.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiGate and FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-11T20:09:26.000Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2020-6648",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiGate and FortiProxy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 5.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-009",
              "refsource": "CONFIRM",
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
            },
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-236",
              "refsource": "CONFIRM",
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2020-6648",
    "datePublished": "2020-10-21T14:05:55.000Z",
    "dateReserved": "2020-01-09T00:00:00.000Z",
    "dateUpdated": "2024-10-25T14:24:11.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-009\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-236\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T09:11:04.625Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-6648\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:09:40.110577Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:16:55.491Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiGate and FortiProxy\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier.\"}]}], \"references\": [{\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-009\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-236\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \\\"diag sys ha checksum show\\\" command.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2021-03-11T20:09:26.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"Unchanged\", \"version\": \"3.1\", \"baseScore\": 5.2, \"attackVector\": \"Network\", \"baseSeverity\": \"Medium\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"None\", \"userInteraction\": \"None\", \"attackComplexity\": \"Low\", \"availabilityImpact\": \"None\", \"privilegesRequired\": \"None\", \"confidentialityImpact\": \"Low\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier.\"}]}, \"product_name\": \"FortiGate and FortiProxy\"}]}, \"vendor_name\": \"Fortinet\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-009\", \"name\": \"https://www.fortiguard.com/psirt/FG-IR-20-009\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-236\", \"name\": \"https://www.fortiguard.com/psirt/FG-IR-20-236\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \\\"diag sys ha checksum show\\\" command.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Information disclosure\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-6648\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-6648\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:24:11.567Z\", \"dateReserved\": \"2020-01-09T00:00:00.000Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2020-10-21T14:05:55.000Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2021-AVI-165

Vulnerability from certfr_avis - Published: 2021-03-04 - Updated: 2021-03-04

De multiples vulnérabilités ont été découvertes dans Fortinet FortiProxy. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiProxy	FortiProxy versions 2.x antérieures à 2.0.1
	Fortinet	FortiProxy	FortiProxy versions 1.x antérieures à 1.2.10

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-20-235 du 26 février 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-230 du 26 février 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-236 du 26 février 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-224 du 26 février 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 2.x ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 1.x ant\u00e9rieures \u00e0 1.2.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17655"
    },
    {
      "name": "CVE-2021-22128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22128"
    },
    {
      "name": "CVE-2018-13380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13380"
    },
    {
      "name": "CVE-2020-6648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6648"
    }
  ],
  "initial_release_date": "2021-03-04T00:00:00",
  "last_revision_date": "2021-03-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-165",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Fortinet\nFortiProxy. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiProxy",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-235 du 26 f\u00e9vrier 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-235"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-230 du 26 f\u00e9vrier 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-230"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-236 du 26 f\u00e9vrier 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-224 du 26 f\u00e9vrier 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-224"
    }
  ]
}

CERTFR-2020-AVI-684

Vulnerability from certfr_avis - Published: 2020-10-28 - Updated: 2020-10-28

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClient pour Linux versions antérieures à 6.4.1
Fortinet	FortiOS	FortiOS version antérieures à 6.4.0
Fortinet	FortiClient	FortiClient pour Linux versions antérieures à 6.2.8
Fortinet	FortiOS	FortiOS version antérieures à 6.2.5

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-20-009 du 19 octobre 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-110 du 19 octobre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClient pour Linux versions ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS version ant\u00e9rieures \u00e0 6.4.0",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClient pour Linux versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS version ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-15934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15934"
    },
    {
      "name": "CVE-2020-6648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6648"
    }
  ],
  "initial_release_date": "2020-10-28T00:00:00",
  "last_revision_date": "2020-10-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-684",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-009 du 19 octobre 2020",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-110 du 19 octobre 2020",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-110"
    }
  ]
}

CNVD-2020-62939

Vulnerability from cnvd - Published: 2020-11-13

Title

Fortinet FortiOS信息泄露漏洞（CNVD-2020-62939）

Description

Fortinet FortiOS是美国飞塔（Fortinet）公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 FortiOS 6.2.4版本及之前版本存在安全漏洞，该漏洞源于命令行接口中敏感信息漏洞的明文存储，通过连接FortiGate CLI并执行“diag sys ha checksum show”命令，攻击者可利用该漏洞可以获得用户密码等敏感信息。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.fortinet.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-6648

Impacted products

Name
Fortinet Fortinet FortiOS <=6.2.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6648",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-6648"
    }
  },
  "description": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSLVPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\n\nFortiOS 6.2.4\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u547d\u4ee4\u884c\u63a5\u53e3\u4e2d\u654f\u611f\u4fe1\u606f\u6f0f\u6d1e\u7684\u660e\u6587\u5b58\u50a8\uff0c\u901a\u8fc7\u8fde\u63a5FortiGate CLI\u5e76\u6267\u884c\u201cdiag sys ha checksum show\u201d\u547d\u4ee4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u83b7\u5f97\u7528\u6237\u5bc6\u7801\u7b49\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.fortinet.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-62939",
  "openTime": "2020-11-13",
  "products": {
    "product": "Fortinet Fortinet FortiOS \u003c=6.2.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-6648",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-23",
  "title": "Fortinet FortiOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-62939\uff09"
}

GSD-2020-6648

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-6648

Aliases

CVE-2020-6648

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6648",
    "description": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command.",
    "id": "GSD-2020-6648"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6648"
      ],
      "details": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command.",
      "id": "GSD-2020-6648",
      "modified": "2023-12-13T01:21:55.423418Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2020-6648",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiGate and FortiProxy",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "Low",
          "attackVector": "Network",
          "availabilityImpact": "None",
          "baseScore": 5.2,
          "baseSeverity": "Medium",
          "confidentialityImpact": "Low",
          "integrityImpact": "None",
          "privilegesRequired": "None",
          "scope": "Unchanged",
          "userInteraction": "None",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.fortiguard.com/psirt/FG-IR-20-009",
            "refsource": "CONFIRM",
            "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
          },
          {
            "name": "https://www.fortiguard.com/psirt/FG-IR-20-236",
            "refsource": "CONFIRM",
            "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.5",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2020-6648"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-312"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-009",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
            },
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-236",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-15T03:18Z",
      "publishedDate": "2020-10-21T14:15Z"
    }
  }
}

GHSA-QP33-R3Q7-6XC4

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-06-16 00:00

Details

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and below may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-21T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and below may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command.",
  "id": "GHSA-qp33-r3q7-6xc4",
  "modified": "2022-06-16T00:00:28Z",
  "published": "2022-05-24T17:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6648"
    },
    {
      "type": "WEB",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
    },
    {
      "type": "WEB",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2020-6648

Vulnerability from fkie_nvd - Published: 2020-10-21 14:15 - Updated: 2024-11-21 05:36

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@fortinet.com	https://www.fortiguard.com/psirt/FG-IR-20-009	Vendor Advisory
psirt@fortinet.com	https://www.fortiguard.com/psirt/FG-IR-20-236	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.fortiguard.com/psirt/FG-IR-20-009	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.fortiguard.com/psirt/FG-IR-20-236	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortiproxy	*
fortinet	fortiproxy	2.0.0
fortinet	fortios	*
fortinet	fortios	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D87AB8E6-5D58-4C4D-A465-29E756B0AA82",
              "versionEndExcluding": "1.2.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3DD97EA-92AD-4EB1-B731-261F40BFC4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCF2FC57-1A6E-422B-9EB5-5A9EF683BDAB",
              "versionEndExcluding": "6.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B59A39D6-9494-4273-8348-1078A77DD796",
              "versionEndExcluding": "6.2.5",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."
    },
    {
      "lang": "es",
      "value": "Un vulnerabilidad almacenamiento de informaci\u00f3n confidencial en texto sin cifrar en la interfaz de l\u00ednea de comandos de FortiOS en las versiones 6.2.4 y anteriores y FortiProxy en las versiones versiones 2.0.0, 1.2.9 y anteriores, puede permitir a un atacante autenticado obtener informaci\u00f3n confidencial como las contrase\u00f1as de los usuarios al conectarse a la CLI de FortiGate y ejecutar el comando \"diag sys ha checksum show\""
    }
  ],
  "id": "CVE-2020-6648",
  "lastModified": "2024-11-21T05:36:05.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-21T14:15:20.387",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-6648 (GCVE-0-2020-6648)

CERTFR-2021-AVI-165

Solution

CERTFR-2020-AVI-684

Solution

CNVD-2020-62939

GSD-2020-6648

GHSA-QP33-R3Q7-6XC4

FKIE_CVE-2020-6648

Tags

Sightings

Nomenclature