CVE-2020-29010

Summary

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP address.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS6.2.1 <= 6.2.4affected
FortinetFortiOS6.0.0 <= 6.0.10affected

Weaknesses

  • CWE-200: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References