CVE-2020-15936

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 6.4.4 FortiOS versions prior to 6.2.6 FortiOS versions prior to 6.0.12 FortiOS versions prior to 5.6.14 FortiGate versions 6.4.3 and below FortiGate versions 6.2.5 and below FortiGate versions 6.0.11 and below FortiGate versions 5.6.13 and below

Description The issue is related to improper input validation, allowing an attacker to disclose sensitive information via SNI Client Hello TLS packets. This can be exploited by sending a specially crafted message, enabling unauthorized access to protected information.

Recommendations For FortiOS versions prior to 6.4.4, update to version 6.4.4 or later. For FortiOS versions prior to 6.2.6, update to version 6.2.6 or later. For FortiOS versions prior to 6.0.12, update to version 6.0.12 or later. For FortiOS versions prior to 5.6.14, update to version 5.6.14 or later. For FortiGate versions 6.4.3 and below, update to version 6.4.4 or later. For FortiGate versions 6.2.5 and below, update to version 6.2.6 or later. For FortiGate versions 6.0.11 and below, update to version 6.0.12 or later. For FortiGate versions 5.6.13 and below, update to version 5.6.14 or later. As a temporary workaround, consider restricting access to SNI Client Hello TLS packets until a patch is available.