CVE-2020-12818

Name of the Vulnerable Software and Affected Versions FortiGate versions prior to 6.4.1

Description The issue is related to insufficient logging, which may allow traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. This is due to incorrect logging of traffic for a range of IP addresses. A remote attacker could exploit this to gain unauthorized access to protected information. Specifically, traffic destined to certain subnets, such as 173.243.128.0/20 and 96.45.32.0/20, may not be recorded, including traffic generated by FortiClient/FortiClient EMS requesting updates from FortiGuard distributed servers.

Recommendations For FortiGate versions prior to 6.4.1, update to version 6.4.1 or later to resolve the issue. As a temporary workaround, consider manually monitoring traffic logs for suspicious activity, especially for traffic destined to Fortinet owned IP addresses. Restrict access to the affected subnets to minimize the risk of exploitation.