| IR Number | FG-IR-20-044 |
| Date | Nov 2, 2021 |
| Severity |
Medium |
| CVSSv3 Score | 4.2 |
| Impact | Information disclosure |
| CVE ID | CVE-2020-15935 |
| Affected Products |
FortiDDoS
:
5.4.2, 5.4.1, 5.4.0, 5.3.1, 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0, 4.5.0, 4.4.2, 4.4.1, 4.4.0, 4.3.2, 4.3.1, 4.3.0, 4.2.2, 4.2.1
FortiSIEM
:
6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0
FortiADC
:
6.0.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0
FortiDDoS-F
:
6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0
|
| CVRF | Download |
| Language |
Refine Search
PSIRT Advisories
Multiple Products - Retrieval of sensitive information in cleartext via GUI
Summary
A cleartext storage of sensitive information in the GUI of FortiADC, FortiSIEM, FortiDDoS, FortiDDoS-CM and FortiDDoS-F may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords, RADIUS shared secret and the Elastic Cloud database password by deobfuscating the passwords entry fields.
Affected Products
FortiADC versions 6.0.0.
FortiADC versions 5.x upto 5.4.3
FortiSIEM versions 6.2.x, 6.1.x, 6.x
FortiDDoS versions 5.4.x, 5.3.x, 5.2.x, 5.1.x, 5.0.x
FortiDDoS-F versions 6.1.x, 6.0.x
Solutions
Please upgrade to FortiADC versions 5.4.4 or above.
Please upgrade to FortiADC versions 6.0.1 or above.
Please upgrade to FortiSIEM 6.3.0 or above.
Please upgrade to FortiDDoS 5.5.0 or above.
Please upgrade to FortiDDoS-F 6.2.0 or above.