CVE-2020-29018

8.8HIGH

Key Information:

Vendor
Fortinet
Status
Fortinet Fortiweb
Vendor
CVE Published:
14 January 2021

Summary

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

Affected Version(s)

Fortinet FortiWeb FortiWeb 6.3.0 through 6.3.5

References

https://www.fortiguard.com/psirt/FG-IR-20-123
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.