PT-2021-30878 · Fortinet · FortiOS
Published: 2021-01-04 · Updated: 2025-03-17
CVE-2020-29010
CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiOS versions prior to 6.2.5
FortiOS version 6.0.10 and below
Description
The issue allows remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing `get vpn ssl monitor` from the CLI. The sensitive data includes usernames, user groups, and IP addresses.
Recommendations
For FortiOS versions prior to 6.2.5, update to version 6.2.5 or later to resolve the issue.
For FortiOS version 6.0.10 and below, consider restricting access to the CLI command `get vpn ssl monitor` until a patch is available.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
FortiOS