Vulnerability-Lookup

CVE-2020-12818 (GCVE-0-2020-12818)

Vulnerability from cvelistv5 – Published: 2020-09-24 13:30 – Updated: 2024-10-25 14:24

Summary

An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Improper Access Control

Assigner

fortinet

References

1 reference

URL	Tags
https://fortiguard.com/advisory/FG-IR-20-033	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Fortinet	Fortinet FortiOS	Affected: FortiOS before 6.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-20-033"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-12818",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:09:42.429984Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:24:36.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiOS before 6.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T13:30:18.000Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-20-033"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2020-12818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiOS before 6.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-20-033",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-20-033"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2020-12818",
    "datePublished": "2020-09-24T13:30:18.000Z",
    "dateReserved": "2020-05-12T00:00:00.000Z",
    "dateUpdated": "2024-10-25T14:24:36.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-12818",
      "date": "2026-06-05",
      "epss": "0.00278",
      "percentile": "0.51478"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.4.1\", \"matchCriteriaId\": \"366223BF-F61D-4AC7-A884-D6FB48CD47A7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_1000d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64F7589C-F20B-4222-B859-78D15C457CE5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_100e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E4BAC86-6E1C-4ECE-8E41-789A6A617A40\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_100f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"561D84F5-E3D4-4293-AC13-26D2E217D970\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_1100e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"648723EC-E144-4975-8D23-A4BB5EF6F07A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_1500d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8C8DA5D-9CB6-4BA6-BB8B-F41501726AF9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_1800f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76792D6F-B647-43A8-8A60-17BE35824BF7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_2000e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92C3D2D8-A79C-4D10-B72E-D71EA3EB06F4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_200e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3D08C3F-51A4-44CF-BB85-A00536FAADAE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_2200e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B2A9D43-348B-45DB-94F7-825B29141F09\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_3000d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C79E67E1-8A10-4AD3-A6F5-9E82890216B3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_3300e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CCCA9CD-2B75-46AF-989C-C300CB53358E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_3400e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD1CDB68-B412-45E2-9AC4-F2A6E5300AA4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_3600e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5015D2E8-8482-467A-96F4-65CBF0AFAC6E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_3700d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"431E4C52-4BBF-48BA-867B-32D1405A5863\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_3960e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3E816AC-57B5-4460-AF88-300EB72B5A8A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_3980e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF54E933-526F-4E65-A6B1-455389525F27\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_400e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A197765B-E9B4-4E5A-918D-C0C4B679CBA6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_40f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96C31DB1-CEBD-4796-9CF1-5D9D000A5A9A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_4200f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"326DF840-7BEE-44D3-A8B8-DCE1A673A2C2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_5001d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B35A82B1-ABA8-493D-9E89-E253CDD10472\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_5001e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"922E4449-EB12-444E-9E8C-C67FA537F1BD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_5001e1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"302638DB-0FA0-4804-9FC8-CCD20430B08F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_5053b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5B0C1E0-CA41-4A31-A42D-FB25090EC6CB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_5060:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A78FF2E-986E-439E-A787-0A14E7EE78CC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_50e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB3BE8B3-F83D-4C89-AA5C-9B6819128138\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_5144c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20B656F3-C696-48A9-9E1C-6F628E246F48\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_600e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"360F94B1-BFBC-455A-84D4-2E5F90DC0E61\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_60e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33F4AB8A-21B9-4969-92B3-250BF7414175\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_60f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D32F0C5-2949-48B6-B9DD-F070DE11C803\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_6300f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C87112F-4971-4A57-98E6-8057A758F7E7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_6500f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EA7B3B0-C101-406D-AAF4-C7CF86075EA6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_7040e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68E575C9-D2C9-476B-91BB-D49C6FB62351\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_7060e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1786CFE3-300C-4891-A55F-06BB0D0B67D7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_80e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68866893-6942-4FF6-88E8-4BEB610AD6FE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:fortinet:fortigate_80f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"906455AD-D91C-47D6-A244-33B43ECB0A74\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de registro insuficiente en FortiGate versiones anteriores a 6.4.1, puede permitir que el tr\\u00e1fico de un atacante no autenticado hacia direcciones IP propiedad de Fortinet pase desapercibido.\"}]",
      "id": "CVE-2020-12818",
      "lastModified": "2024-11-21T05:00:20.173",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-09-24T15:15:13.237",
      "references": "[{\"url\": \"https://fortiguard.com/advisory/FG-IR-20-033\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-033\", \"source\": \"nvd@nist.gov\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-20-033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-12818\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2020-09-24T15:15:13.237\",\"lastModified\":\"2024-11-21T05:00:20.173\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de registro insuficiente en FortiGate versiones anteriores a 6.4.1, puede permitir que el tr\u00e1fico de un atacante no autenticado hacia direcciones IP propiedad de Fortinet pase desapercibido.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.1\",\"matchCriteriaId\":\"366223BF-F61D-4AC7-A884-D6FB48CD47A7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_1000d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64F7589C-F20B-4222-B859-78D15C457CE5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_100e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E4BAC86-6E1C-4ECE-8E41-789A6A617A40\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_100f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"561D84F5-E3D4-4293-AC13-26D2E217D970\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_1100e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"648723EC-E144-4975-8D23-A4BB5EF6F07A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_1500d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8C8DA5D-9CB6-4BA6-BB8B-F41501726AF9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_1800f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76792D6F-B647-43A8-8A60-17BE35824BF7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_2000e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92C3D2D8-A79C-4D10-B72E-D71EA3EB06F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_200e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D08C3F-51A4-44CF-BB85-A00536FAADAE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_2200e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B2A9D43-348B-45DB-94F7-825B29141F09\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_3000d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79E67E1-8A10-4AD3-A6F5-9E82890216B3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_3300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CCCA9CD-2B75-46AF-989C-C300CB53358E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_3400e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD1CDB68-B412-45E2-9AC4-F2A6E5300AA4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_3600e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5015D2E8-8482-467A-96F4-65CBF0AFAC6E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_3700d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"431E4C52-4BBF-48BA-867B-32D1405A5863\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_3960e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3E816AC-57B5-4460-AF88-300EB72B5A8A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_3980e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF54E933-526F-4E65-A6B1-455389525F27\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_400e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A197765B-E9B4-4E5A-918D-C0C4B679CBA6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_40f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96C31DB1-CEBD-4796-9CF1-5D9D000A5A9A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_4200f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"326DF840-7BEE-44D3-A8B8-DCE1A673A2C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_5001d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B35A82B1-ABA8-493D-9E89-E253CDD10472\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_5001e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"922E4449-EB12-444E-9E8C-C67FA537F1BD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_5001e1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"302638DB-0FA0-4804-9FC8-CCD20430B08F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_5053b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5B0C1E0-CA41-4A31-A42D-FB25090EC6CB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_5060:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A78FF2E-986E-439E-A787-0A14E7EE78CC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_50e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB3BE8B3-F83D-4C89-AA5C-9B6819128138\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_5144c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B656F3-C696-48A9-9E1C-6F628E246F48\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_600e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"360F94B1-BFBC-455A-84D4-2E5F90DC0E61\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_60e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F4AB8A-21B9-4969-92B3-250BF7414175\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_60f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D32F0C5-2949-48B6-B9DD-F070DE11C803\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_6300f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C87112F-4971-4A57-98E6-8057A758F7E7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_6500f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA7B3B0-C101-406D-AAF4-C7CF86075EA6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_7040e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68E575C9-D2C9-476B-91BB-D49C6FB62351\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_7060e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1786CFE3-300C-4891-A55F-06BB0D0B67D7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_80e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68866893-6942-4FF6-88E8-4BEB610AD6FE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fortinet:fortigate_80f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"906455AD-D91C-47D6-A244-33B43ECB0A74\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/advisory/FG-IR-20-033\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.fortiguard.com/psirt/FG-IR-20-033\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-20-033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-20-033\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T12:04:22.856Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-12818\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:09:42.429984Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:16:58.559Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"Fortinet FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiOS before 6.4.1\"}]}], \"references\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-20-033\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2020-09-24T13:30:18.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"FortiOS before 6.4.1\"}]}, \"product_name\": \"Fortinet FortiOS\"}]}, \"vendor_name\": \"Fortinet\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-20-033\", \"name\": \"https://fortiguard.com/advisory/FG-IR-20-033\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Improper Access Control\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-12818\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-12818\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:24:36.510Z\", \"dateReserved\": \"2020-05-12T00:00:00.000Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2020-09-24T13:30:18.000Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2020-AVI-595

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiGate	FortiGate 6.2.x toutes versions
Fortinet	FortiGate	FortiGate 6.4.x versions antérieures à 6.4.1
Fortinet	FortiNAC	FortiNAC versions antérieures à 8.7.3

References

Title

Publication Time

CERTFR-2020-AVI-595

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiGate	FortiGate 6.2.x toutes versions
Fortinet	FortiGate	FortiGate 6.4.x versions antérieures à 6.4.1
Fortinet	FortiNAC	FortiNAC versions antérieures à 8.7.3

References

Title

Publication Time

CNVD-2021-33534

Vulnerability from cnvd - Published: 2021-05-10

Title

Fortinet FortiGate存在未明漏洞（CNVD-2021-33534）

Description

Fortinet FortiGate是美国飞塔（Fortinet）公司的一套网络安全平台。该平台提供防火墙、防病毒和入侵防御（IPS）、应用控制、反垃圾邮件、无线控制器和广域网加速等功能。 FortiGate 6.4.1之前版本存在安全漏洞，该漏洞源于不足的日志记录。攻击者可利用该漏洞导致到Fortinet拥有的IP地址的流量被忽略。

Severity

中

Patch Name

Fortinet FortiGate存在未明漏洞（CNVD-2021-33534）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.fortiguard.com/psirt/FG-IR-20-033

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-12818

Impacted products

Name
Fortinet Fortinet FortiGate <6.4.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12818",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-12818"
    }
  },
  "description": "Fortinet FortiGate\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u548c\u5165\u4fb5\u9632\u5fa1\uff08IPS\uff09\u3001\u5e94\u7528\u63a7\u5236\u3001\u53cd\u5783\u573e\u90ae\u4ef6\u3001\u65e0\u7ebf\u63a7\u5236\u5668\u548c\u5e7f\u57df\u7f51\u52a0\u901f\u7b49\u529f\u80fd\u3002\n\nFortiGate 6.4.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e0d\u8db3\u7684\u65e5\u5fd7\u8bb0\u5f55\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5230Fortinet\u62e5\u6709\u7684IP\u5730\u5740\u7684\u6d41\u91cf\u88ab\u5ffd\u7565\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.fortiguard.com/psirt/FG-IR-20-033",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-33534",
  "openTime": "2021-05-10",
  "patchDescription": "Fortinet FortiGate\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u548c\u5165\u4fb5\u9632\u5fa1\uff08IPS\uff09\u3001\u5e94\u7528\u63a7\u5236\u3001\u53cd\u5783\u573e\u90ae\u4ef6\u3001\u65e0\u7ebf\u63a7\u5236\u5668\u548c\u5e7f\u57df\u7f51\u52a0\u901f\u7b49\u529f\u80fd\u3002\r\n\r\nFortiGate 6.4.1\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e0d\u8db3\u7684\u65e5\u5fd7\u8bb0\u5f55\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5230Fortinet\u62e5\u6709\u7684IP\u5730\u5740\u7684\u6d41\u91cf\u88ab\u5ffd\u7565\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiGate\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-33534\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Fortinet Fortinet FortiGate \u003c6.4.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-12818",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-09",
  "title": "Fortinet FortiGate\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-33534\uff09"
}

FKIE_CVE-2020-12818

Vulnerability from fkie_nvd - Published: 2020-09-24 15:15 - Updated: 2024-11-21 05:00

Severity

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.

References

URL	Tags
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-20-033	Vendor Advisory
nvd@nist.gov	https://www.fortiguard.com/psirt/FG-IR-20-033	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-20-033	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortios	*
fortinet	fortigate_1000d	-
fortinet	fortigate_100e	-
fortinet	fortigate_100f	-
fortinet	fortigate_1100e	-
fortinet	fortigate_1500d	-
fortinet	fortigate_1800f	-
fortinet	fortigate_2000e	-
fortinet	fortigate_200e	-
fortinet	fortigate_2200e	-
fortinet	fortigate_3000d	-
fortinet	fortigate_3300e	-
fortinet	fortigate_3400e	-
fortinet	fortigate_3600e	-
fortinet	fortigate_3700d	-
fortinet	fortigate_3960e	-
fortinet	fortigate_3980e	-
fortinet	fortigate_400e	-
fortinet	fortigate_40f	-
fortinet	fortigate_4200f	-
fortinet	fortigate_5001d	-
fortinet	fortigate_5001e	-
fortinet	fortigate_5001e1	-
fortinet	fortigate_5053b	-
fortinet	fortigate_5060	-
fortinet	fortigate_50e	-
fortinet	fortigate_5144c	-
fortinet	fortigate_600e	-
fortinet	fortigate_60e	-
fortinet	fortigate_60f	-
fortinet	fortigate_6300f	-
fortinet	fortigate_6500f	-
fortinet	fortigate_7040e	-
fortinet	fortigate_7060e	-
fortinet	fortigate_80e	-
fortinet	fortigate_80f	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "366223BF-F61D-4AC7-A884-D6FB48CD47A7",
              "versionEndExcluding": "6.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_1000d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F7589C-F20B-4222-B859-78D15C457CE5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_100e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E4BAC86-6E1C-4ECE-8E41-789A6A617A40",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_100f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "561D84F5-E3D4-4293-AC13-26D2E217D970",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_1100e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "648723EC-E144-4975-8D23-A4BB5EF6F07A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_1500d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C8DA5D-9CB6-4BA6-BB8B-F41501726AF9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_1800f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76792D6F-B647-43A8-8A60-17BE35824BF7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_2000e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C3D2D8-A79C-4D10-B72E-D71EA3EB06F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_200e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D08C3F-51A4-44CF-BB85-A00536FAADAE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_2200e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B2A9D43-348B-45DB-94F7-825B29141F09",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_3000d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79E67E1-8A10-4AD3-A6F5-9E82890216B3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_3300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CCCA9CD-2B75-46AF-989C-C300CB53358E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_3400e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1CDB68-B412-45E2-9AC4-F2A6E5300AA4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_3600e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5015D2E8-8482-467A-96F4-65CBF0AFAC6E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_3700d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "431E4C52-4BBF-48BA-867B-32D1405A5863",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_3960e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E816AC-57B5-4460-AF88-300EB72B5A8A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_3980e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF54E933-526F-4E65-A6B1-455389525F27",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_400e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A197765B-E9B4-4E5A-918D-C0C4B679CBA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_40f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C31DB1-CEBD-4796-9CF1-5D9D000A5A9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_4200f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "326DF840-7BEE-44D3-A8B8-DCE1A673A2C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_5001d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35A82B1-ABA8-493D-9E89-E253CDD10472",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_5001e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "922E4449-EB12-444E-9E8C-C67FA537F1BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_5001e1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "302638DB-0FA0-4804-9FC8-CCD20430B08F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_5053b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5B0C1E0-CA41-4A31-A42D-FB25090EC6CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_5060:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A78FF2E-986E-439E-A787-0A14E7EE78CC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_50e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3BE8B3-F83D-4C89-AA5C-9B6819128138",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_5144c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B656F3-C696-48A9-9E1C-6F628E246F48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_600e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "360F94B1-BFBC-455A-84D4-2E5F90DC0E61",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_60e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F4AB8A-21B9-4969-92B3-250BF7414175",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_60f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D32F0C5-2949-48B6-B9DD-F070DE11C803",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_6300f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C87112F-4971-4A57-98E6-8057A758F7E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_6500f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA7B3B0-C101-406D-AAF4-C7CF86075EA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_7040e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E575C9-D2C9-476B-91BB-D49C6FB62351",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_7060e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1786CFE3-300C-4891-A55F-06BB0D0B67D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_80e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68866893-6942-4FF6-88E8-4BEB610AD6FE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortigate_80f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "906455AD-D91C-47D6-A244-33B43ECB0A74",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de registro insuficiente en FortiGate versiones anteriores a 6.4.1, puede permitir que el tr\u00e1fico de un atacante no autenticado hacia direcciones IP propiedad de Fortinet pase desapercibido."
    }
  ],
  "id": "CVE-2020-12818",
  "lastModified": "2024-11-21T05:00:20.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-24T15:15:13.237",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-20-033"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-20-033"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-H946-QQGH-QHRR

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29

Details

An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-12818"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-24T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.",
  "id": "GHSA-h946-qqgh-qhrr",
  "modified": "2022-05-24T17:29:20Z",
  "published": "2022-05-24T17:29:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12818"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-20-033"
    },
    {
      "type": "WEB",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-033"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-12818

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.

Aliases

CVE-2020-12818

Aliases

CVE-2020-12818

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-12818",
    "description": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.",
    "id": "GSD-2020-12818"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-12818"
      ],
      "details": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.",
      "id": "GSD-2020-12818",
      "modified": "2023-12-13T01:21:49.690801Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2020-12818",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiOS before 6.4.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-20-033",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-20-033"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_1000d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_100e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_100f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_1100e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_1500d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_1800f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_2000e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_200e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_2200e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3000d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3300e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3400e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3600e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3700d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3960e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3980e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_400e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_40f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_4200f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5001d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5001e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5001e1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5053b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5060:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_50e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5144c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_600e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_60e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_60f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_6300f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_6500f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_7040e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_7060e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_80e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortigate_80f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2020-12818"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-20-033",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-20-033"
            },
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-033",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-033"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-10-05T14:08Z",
      "publishedDate": "2020-09-24T15:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-12818 (GCVE-0-2020-12818)

CERTFR-2020-AVI-595

Solution

CERTFR-2020-AVI-595

Solution

CNVD-2021-33534

FKIE_CVE-2020-12818

GHSA-H946-QQGH-QHRR

GSD-2020-12818

Tags

Sightings

Nomenclature