PT-2020-19203 · Fortinet · FortiGate, FortiOS, FortiProxy
Published 2020-10-19 · Updated 2022-06-15 · CVE-2020-6648
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FortiOS versions 6.2.4 and earlier
FortiProxy versions 2.0.0, 1.2.9 and earlier
Description
A cleartext storage of sensitive information issue in the command line interface of FortiOS and FortiProxy may allow an authenticated attacker to obtain sensitive information, such as user passwords, by connecting to the FortiGate CLI and executing the "diag sys ha checksum show" command. As the CVSS vector reflects (PR:L, C:H), only a low-privileged authenticated account is required, and the impact is limited to confidentiality: credentials that should never appear in cleartext are readable from the command output.
Recommendations
For FortiOS versions 6.2.4 and earlier, update to a version later than 6.2.4 to resolve the issue.
For FortiProxy, update to a release later than the affected one within the same branch: later than 2.0.0 for the 2.0 branch, and later than 1.2.9 for the 1.2 branch.
As a temporary workaround, restrict access to the FortiGate CLI: limit administrative access to trusted management hosts and interfaces, and review which administrator accounts are allowed to use the CLI, since any authenticated account able to run the command can read the exposed credentials. Because the exposed data is stored in cleartext, treat passwords of accounts on an affected device as potentially disclosed and rotate them after upgrading if an untrusted party had CLI access.
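As an added example (not the advisory's or Fortinet's code), the following Python encodes the affected ranges stated above so that an inventory script can classify a device's reported version. The check is branch-aware: FortiProxy 2.0.0 is affected while 1.2.10 is not, which a plain numeric comparison gets wrong. The layout of the "Version:" line from `get system status`, and the sample output, are assumptions constructed for this example.

```python
"""Branch-aware exposure check for CVE-2020-6648 (PT-2020-19203).

Added example; this is not Fortinet's code nor part of the advisory.
The affected ranges are the ones the advisory states. It does not state
fix versions, so anything outside those ranges is reported as "not listed
as affected", not as "fixed".
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Ranges exactly as stated in the advisory.
FORTIOS_MAX_AFFECTED: Version = (6, 2, 4)          # "6.2.4 and earlier"
FORTIPROXY_MAX_AFFECTED: Version = (1, 2, 9)       # "1.2.9 and earlier"
FORTIPROXY_ALSO_AFFECTED = {(2, 0, 0)}             # "2.0.0" (separate branch)

# Matches "v6.2.4" or "6.2.4" inside strings such as "v6.2.4,build1112,200602 (GA)".
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")

# Assumed layout of the "Version:" line printed by `get system status`
# (model token, then vX.Y.Z,build...). Constructed for this example.
_STATUS_LINE_RE = re.compile(
    r"^Version:\s+(?P<model>\S+)\s+(?P<rest>v\d+\.\d+\.\d+\S*)", re.M
)


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from the first X.Y.Z found in text, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(product: str, version: Version) -> bool:
    """True if (product, version) falls inside the advisory's affected ranges.

    Comparison is tuple-wise, so for FortiOS every release up to and including
    6.2.4 (6.2.3, 6.0.x, 5.6.x, ...) counts. For FortiProxy the 1.2 and 2.0
    branches are handled separately: 2.0.0 is affected although it is numerically
    above 1.2.9, and 1.2.10 is not affected although it is numerically below 2.0.0.
    """
    p = product.lower()
    if p == "fortios":
        return version <= FORTIOS_MAX_AFFECTED
    if p == "fortiproxy":
        return version in FORTIPROXY_ALSO_AFFECTED or version <= FORTIPROXY_MAX_AFFECTED
    raise ValueError(f"unknown product: {product!r}")


def check_status_output(product: str, status_text: str) -> Dict[str, object]:
    """Parse the 'Version:' line of `get system status` output and classify it."""
    m = _STATUS_LINE_RE.search(status_text)
    if not m:
        raise ValueError("no 'Version:' line found in status output")
    version = parse_version(m.group("rest"))
    if version is None:
        raise ValueError(f"could not parse version from {m.group('rest')!r}")
    return {
        "model": m.group("model"),
        "version": version,
        "affected": is_affected(product, version),
    }


# Constructed sample of `get system status` output (not captured from a real device).
SAMPLE_STATUS = """\
Version: FortiGate-60E v6.2.4,build1112,200602 (GA)
Virus-DB: 78.00123(2020-06-02 01:02)
Serial-Number: FGT60E0000000000
Hostname: fw-edge-1
"""

if __name__ == "__main__":
    print(check_status_output("FortiOS", SAMPLE_STATUS))
    for v in [(2, 0, 0), (2, 0, 1), (1, 2, 9), (1, 2, 10)]:
        label = "affected" if is_affected("FortiProxy", v) else "not listed as affected"
        print("FortiProxy", ".".join(map(str, v)), label)
```

Feed the function the raw text of `get system status` collected over SSH from each device; a device reported as "not listed as affected" should still be checked against the vendor's current fix list, since this example only knows the ranges the advisory prints.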
Weakness Enumeration
Cleartext Storage of Sensitive Information (CWE-312)
Affected Products
FortiGate
FortiOS
FortiProxy