| |
Vulnerability CVE-2020-15936
Published: 2022-03-01
| Description: |
A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets. |
Type:
CWE-668 (Exposure of Resource to Wrong Sphere)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
2.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://fortiguard.com/advisory/FG-IR-20-091
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
