Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-6648: Fortiguard

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the “diag sys ha checksum show” command.

CVE
Open in Source
#vulnerability#ios#auth

** PSIRT Advisories**

Potential sensitive information can be displayed in cleartext in FortiOS CLI window

Summary

A cleartext storage of sensitive information vulnerability in FortiOS command line interface may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the “diag sys ha checksum show” command.

Affected Products

FortiOS versions 6.2.4 and below.

FortiOS versions 6.0.11 and below.

Solutions

Please upgrade to FortiOS version 6.4.0 or above.

Please upgrade to FortiOS version 6.2.5 or above.

Please upgrade to FortiOS version 6.0.12 or above.

Acknowledgement

Fortinet is pleased to thank Shaun Farrow for reporting this vulnerability under responsible disclosure.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE