CVE-2020-15936

2.6LOW

Key Information:

Vendor: Fortinet
Status: Fortinet FortiOS
Vendor: CVE Published:; 1 March 2022

Summary

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

Affected Version(s)

Fortinet FortiOS FortiOS 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0

References

https://fortiguard.com/advisory/FG-IR-20-091

x_refsource_CONFIRM

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 1, 2022
Vulnerability Reserved
Jul 24, 2020