Improper Input Neutralization in FortiTester by Fortinet
CVE-2020-12815

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortitester
Vendor: CVE Published:; 24 September 2020

What is CVE-2020-12815?

An input validation vulnerability in FortiTester prior to version 3.9.0 allows remote authenticated attackers to inject malicious HTML scripts through IPv4 and IPv6 address fields, potentially leading to unauthorized actions and data exposure.

Affected Version(s)

Fortinet FortiTester FortiTester before 3.9.0

References

https://fortiguard.com/advisory/FG-IR-20-054

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2020
Vulnerability Reserved
May 12, 2020