Severity
Medium
Analysis Summary
CVE-2020-29010
An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated attacker to read the SSL VPN events log entries of users in other VDOMs by executing “get vpn ssl monitor” from the CLI. The sensitive data includes usernames, user groups, and IP addresses.
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
CVE-2020-29016
A stack-based buffer overflow vulnerability in FortiWeb may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.
CVE-2020-29019
A stack-based buffer overflow vulnerability in FortiWeb may allow a remote, authenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
CVE-2020-29018
A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
Impact
- Information disclosure
- Execute unauthorized code or commands
- Denial of service
Affected Vendors
FortiGuard
Affected Products
- FortiGate versions 6.0.10 and below
- FortiWeb versions 6.3.7 and below
- FortiWeb versions 6.3.5 and below
Remediation
Refer to vendor advisory for the complete list of affected products and their respective patches.