CVE-2020-6648 - OpenCVE

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortios Fortiproxy

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiproxy::::::::
	cpe:2.3:a:fortinet:fortiproxy:2.0.0:::::::*
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::

No data.

References

Link	Providers
https://www.fortiguard.com/psirt/FG-IR-20-009
https://www.fortiguard.com/psirt/FG-IR-20-236

History

No history.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2020-10-21T14:05:55

Updated: 2024-08-04T09:11:04.625Z

Reserved: 2020-01-09T00:00:00

Link: CVE-2020-6648

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-21T14:15:20.387

Modified: 2022-06-15T03:18:32.193

Link: CVE-2020-6648

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FortiGate and FortiProxy", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."}]}], "descriptions": [{"lang": "en", "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-11T20:09:26", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2020-6648", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FortiGate and FortiProxy", "version": {"version_data": [{"version_value": "FortiOS versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier."}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", "baseScore": 5.2, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.fortiguard.com/psirt/FG-IR-20-009", "refsource": "CONFIRM", "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"}, {"name": "https://www.fortiguard.com/psirt/FG-IR-20-236", "refsource": "CONFIRM", "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:11:04.625Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"}]}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2020-6648", "datePublished": "2020-10-21T14:05:55", "dateReserved": "2020-01-09T00:00:00", "dateUpdated": "2024-08-04T09:11:04.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "D87AB8E6-5D58-4C4D-A465-29E756B0AA82", "versionEndExcluding": "1.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3DD97EA-92AD-4EB1-B731-261F40BFC4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCF2FC57-1A6E-422B-9EB5-5A9EF683BDAB", "versionEndExcluding": "6.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B59A39D6-9494-4273-8348-1078A77DD796", "versionEndExcluding": "6.2.5", "versionStartIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."}, {"lang": "es", "value": "Un vulnerabilidad almacenamiento de informaci\u00f3n confidencial en texto sin cifrar en la interfaz de l\u00ednea de comandos de FortiOS en las versiones 6.2.4 y anteriores y FortiProxy en las versiones versiones 2.0.0, 1.2.9 y anteriores, puede permitir a un atacante autenticado obtener informaci\u00f3n confidencial como las contrase\u00f1as de los usuarios al conectarse a la CLI de FortiGate y ejecutar el comando \"diag sys ha checksum show\""}], "id": "CVE-2020-6648", "lastModified": "2022-06-15T03:18:32.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2020-10-21T14:15:20.387", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://www.fortiguard.com/psirt/FG-IR-20-009"}, {"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://www.fortiguard.com/psirt/FG-IR-20-236"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}