CVE-2020-12818

An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.

CVSS v3.0 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://fortiguard.com/advisory/FG-IR-20-033	Vendor Advisory
https://www.fortiguard.com/psirt/FG-IR-20-033	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:fortinet:fortigate_1000d:-:::::::*
	cpe:2.3:h:fortinet:fortigate_100e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_100f:-:::::::*
	cpe:2.3:h:fortinet:fortigate_1100e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_1500d:-:::::::*
	cpe:2.3:h:fortinet:fortigate_1800f:-:::::::*
	cpe:2.3:h:fortinet:fortigate_2000e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_200e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_2200e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_3000d:-:::::::*
	cpe:2.3:h:fortinet:fortigate_3300e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_5001e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_5001e1:-:::::::*
	cpe:2.3:h:fortinet:fortigate_5053b:-:::::::*
	cpe:2.3:h:fortinet:fortigate_5144c:-:::::::*
	cpe:2.3:h:fortinet:fortigate_5060:-:::::::*
	cpe:2.3:h:fortinet:fortigate_400e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_60f:-:::::::*
	cpe:2.3:h:fortinet:fortigate_60e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_50e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_40f:-:::::::*
	cpe:2.3:h:fortinet:fortigate_600e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_3400e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_3600e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_3700d:-:::::::*
	cpe:2.3:h:fortinet:fortigate_3960e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_3980e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_4200f:-:::::::*
	cpe:2.3:h:fortinet:fortigate_6300f:-:::::::*
	cpe:2.3:h:fortinet:fortigate_6500f:-:::::::*
	cpe:2.3:h:fortinet:fortigate_7040e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_7060e:-:::::::*
	cpe:2.3:h:fortinet:fortigate_5001d:-:::::::*
	cpe:2.3:h:fortinet:fortigate_80f:-:::::::*
	cpe:2.3:h:fortinet:fortigate_80e:-:::::::*

Information

Published : 2020-09-24 08:15

Updated : 2020-10-05 07:08

NVD link : CVE-2020-12818

Mitre link : CVE-2020-12818

JSON object : View

CWE

NVD-CWE-Other

Products Affected

fortinet

fortigate_6300f
fortios
fortigate_4200f
fortigate_3960e
fortigate_60e
fortigate_1100e
fortigate_5053b
fortigate_80e
fortigate_1800f
fortigate_60f
fortigate_3700d
fortigate_5001d
fortigate_3000d
fortigate_600e
fortigate_3400e
fortigate_5144c
fortigate_40f
fortigate_80f
fortigate_3600e
fortigate_1000d
fortigate_3300e
fortigate_1500d
fortigate_5001e
fortigate_400e
fortigate_200e
fortigate_7040e
fortigate_50e
fortigate_100f
fortigate_2000e
fortigate_6500f
fortigate_5001e1
fortigate_5060
fortigate_100e
fortigate_3980e
fortigate_2200e
fortigate_7060e

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/advisory/FG-IR-20-033", "name": "https://fortiguard.com/advisory/FG-IR-20-033", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.fortiguard.com/psirt/FG-IR-20-033", "name": "https://www.fortiguard.com/psirt/FG-IR-20-033", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-12818", "ASSIGNER": "psirt@fortinet.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2020-09-24T15:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.4.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_1000d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_100e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_100f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_1100e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_1500d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_1800f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_2000e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_200e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_2200e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3000d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3300e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5001e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5001e1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5053b:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5144c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5060:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_400e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_60f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_60e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_50e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_40f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_600e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3400e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3600e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3700d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3960e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_3980e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_4200f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_6300f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_6500f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_7040e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_7060e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_5001d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_80f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:fortinet:fortigate_80e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-10-05T14:08Z"}

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-12818

5.3^/10

5.0^/10

Attach tags to `CVE-2020-12818`