cvelistv5 - CVE-2020-29018

CVE-2020-29018 (GCVE-0-2020-29018)

Vulnerability from cvelistv5

Published

2021-01-14 16:06

Modified

2024-10-25 14:23

Severity ?

CWE

Execute unauthorized code or commands

Summary

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

References

URL

Tags

	psirt@fortinet.com	https://www.fortiguard.com/psirt/FG-IR-20-123	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.fortiguard.com/psirt/FG-IR-20-123	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiWeb	Version: FortiWeb 6.3.0 through 6.3.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:01.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-29018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:03:32.662637Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:23:23.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiWeb",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiWeb 6.3.0 through 6.3.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T13:32:09",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2020-29018",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiWeb",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiWeb 6.3.0 through 6.3.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-123",
              "refsource": "CONFIRM",
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2020-29018",
    "datePublished": "2021-01-14T16:06:03",
    "dateReserved": "2020-11-24T00:00:00",
    "dateUpdated": "2024-10-25T14:23:23.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-29018\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2021-01-14T16:15:18.117\",\"lastModified\":\"2024-11-21T05:23:30.910\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de cadena de formato en FortiWeb versiones 6.3.0 hasta 6.3.5, puede permitir a un atacante remoto autenticado leer el contenido de la memoria y recuperar datos confidenciales por medio del par\u00e1metro redir\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndIncluding\":\"6.3.5\",\"matchCriteriaId\":\"866AC2A0-D1F6-4C7C-A9AE-94AB1DAB2C26\"}]}]}],\"references\":[{\"url\":\"https://www.fortiguard.com/psirt/FG-IR-20-123\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.fortiguard.com/psirt/FG-IR-20-123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-123\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T16:48:01.346Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-29018\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:03:32.662637Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:16:50.049Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"Fortinet FortiWeb\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiWeb 6.3.0 through 6.3.5\"}]}], \"references\": [{\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-123\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2021-01-29T13:32:09\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"FortiWeb 6.3.0 through 6.3.5\"}]}, \"product_name\": \"Fortinet FortiWeb\"}]}, \"vendor_name\": \"Fortinet\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.fortiguard.com/psirt/FG-IR-20-123\", \"name\": \"https://www.fortiguard.com/psirt/FG-IR-20-123\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Execute unauthorized code or commands\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-29018\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-29018\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:23:23.372Z\", \"dateReserved\": \"2020-11-24T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2021-01-14T16:06:03\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cnvd-2021-03526

Vulnerability from cnvd

Title

FortiWeb格式字符串漏洞

Description

FortiWeb是一个Web应用程序防火墙（WAF），可以保护托管的Web应用程序免受针对已知和未知漏洞的攻击。 FortiWeb 6.3.0 - 6.3.5存在格式字符串漏洞。远程攻击者可通过redir参数利用该漏洞读取内存的内容及检索敏感数据。

Severity

中

Patch Name

FortiWeb格式字符串漏洞的补丁

Patch Description

FortiWeb是一个Web应用程序防火墙（WAF），可以保护托管的Web应用程序免受针对已知和未知漏洞的攻击。 FortiWeb 6.3.0 - 6.3.5存在格式字符串漏洞。远程攻击者可通过redir参数利用该漏洞读取内存的内容及检索敏感数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.fortiguard.com/psirt/FG-IR-20-123

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-29018

Impacted products

Name
['Fortinet FortiWeb 6.3.0', 'Fortinet FortiWeb 6.3.1', 'Fortinet FortiWeb 6.3.2', 'Fortinet FortiWeb 6.3.3', 'Fortinet FortiWeb 6.3.4', 'Fortinet FortiWeb 6.3.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-29018",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-29018"
    }
  },
  "description": "FortiWeb\u662f\u4e00\u4e2aWeb\u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\uff08WAF\uff09\uff0c\u53ef\u4ee5\u4fdd\u62a4\u6258\u7ba1\u7684Web\u5e94\u7528\u7a0b\u5e8f\u514d\u53d7\u9488\u5bf9\u5df2\u77e5\u548c\u672a\u77e5\u6f0f\u6d1e\u7684\u653b\u51fb\u3002\n\nFortiWeb 6.3.0 - 6.3.5\u5b58\u5728\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7redir\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u5185\u5b58\u7684\u5185\u5bb9\u53ca\u68c0\u7d22\u654f\u611f\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.fortiguard.com/psirt/FG-IR-20-123",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-03526",
  "openTime": "2021-01-16",
  "patchDescription": "FortiWeb\u662f\u4e00\u4e2aWeb\u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\uff08WAF\uff09\uff0c\u53ef\u4ee5\u4fdd\u62a4\u6258\u7ba1\u7684Web\u5e94\u7528\u7a0b\u5e8f\u514d\u53d7\u9488\u5bf9\u5df2\u77e5\u548c\u672a\u77e5\u6f0f\u6d1e\u7684\u653b\u51fb\u3002\r\n\r\nFortiWeb 6.3.0 - 6.3.5\u5b58\u5728\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7redir\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u5185\u5b58\u7684\u5185\u5bb9\u53ca\u68c0\u7d22\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FortiWeb\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Fortinet FortiWeb 6.3.0",
      "Fortinet FortiWeb 6.3.1",
      "Fortinet FortiWeb 6.3.2",
      "Fortinet FortiWeb 6.3.3",
      "Fortinet FortiWeb 6.3.4",
      "Fortinet FortiWeb 6.3.5"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-29018",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-15",
  "title": "FortiWeb\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e"
}

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. FortiWeb Exists in a format string vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. Fortinet FortiWeb 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5 contain a security vulnerability that could allow remote users to access sensitive information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0503",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiweb",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.3.5"
      },
      {
        "model": "fortiweb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.3.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.3.0  to  6.3.5"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29018"
      }
    ]
  },
  "cve": "CVE-2020-29018",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-29018",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-375145",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-29018",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-29018",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-29018",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-29018",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "VULHUB",
            "id": "VHN-375145",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-29018",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375145"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-29018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29018"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. FortiWeb Exists in a format string vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. Fortinet FortiWeb 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5 contain a security vulnerability that could allow remote users to access sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-29018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "db": "VULHUB",
        "id": "VHN-375145"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-29018"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-29018",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417",
        "trust": 0.8
      },
      {
        "db": "VULHUB",
        "id": "VHN-375145",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-29018",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375145"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-29018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29018"
      }
    ]
  },
  "id": "VAR-202101-0503",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375145"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:11:13.203000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-20-123",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-29018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-134",
        "trust": 1.0
      },
      {
        "problemtype": "Format string problem (CWE-134) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29018"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.3,
        "url": "https://www.fortiguard.com/psirt/fg-ir-20-123"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29018"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/134.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-375145"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-29018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29018"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-375145"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-29018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-29018"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-375145"
      },
      {
        "date": "2021-01-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-29018"
      },
      {
        "date": "2021-09-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "date": "2021-01-14T16:15:18.117000",
        "db": "NVD",
        "id": "CVE-2020-29018"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-375145"
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-29018"
      },
      {
        "date": "2021-09-22T06:11:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      },
      {
        "date": "2024-11-21T05:23:30.910000",
        "db": "NVD",
        "id": "CVE-2020-29018"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiWeb\u00a0 Format string vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-015417"
      }
    ],
    "trust": 0.8
  }
}

gsd-2020-29018

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

Aliases

CVE-2020-29018

Aliases

CVE-2020-29018

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-29018",
    "description": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.",
    "id": "GSD-2020-29018"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-29018"
      ],
      "details": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.",
      "id": "GSD-2020-29018",
      "modified": "2023-12-13T01:22:11.641023Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2020-29018",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiWeb",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiWeb 6.3.0 through 6.3.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.fortiguard.com/psirt/FG-IR-20-123",
            "refsource": "CONFIRM",
            "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.3.5",
                "versionStartIncluding": "6.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2020-29018"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-134"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fortiguard.com/psirt/FG-IR-20-123",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-01-20T20:52Z",
      "publishedDate": "2021-01-14T16:15Z"
    }
  }
}

CERTFR-2021-AVI-003

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiGate	FortiGate versions 6.2.x antérieures à 6.2.5
Fortinet	FortiDeceptor	FortiDeceptor versions 3.1.x antérieures à 3.1.1
Fortinet	FortiWeb	FortiWeb versions 6.2.x antérieures à 6.2.4
Fortinet	FortiGate	FortiGate versions 6.0.x antérieures à 6.0.11
Fortinet	FortiWeb	FortiWeb versions 6.3.x antérieures à 6.3.8
Fortinet	FortiDeceptor	FortiDeceptor versions 3.0.x antérieures à 3.0.2
Fortinet	FortiGate	FortiGate versions 6.4.x antérieures à 6.4.2

References

Title

Publication Time

ghsa-53jq-rch4-w6wr

Vulnerability from github

Published

2022-05-24 17:39

Modified

2022-05-24 17:39

Details

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-29018"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-134"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-14T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.",
  "id": "GHSA-53jq-rch4-w6wr",
  "modified": "2022-05-24T17:39:17Z",
  "published": "2022-05-24T17:39:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29018"
    },
    {
      "type": "WEB",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2020-29018

Vulnerability from fkie_nvd

Published

2021-01-14 16:15

Modified

2024-11-21 05:23

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

References

	URL	Tags
	psirt@fortinet.com	https://www.fortiguard.com/psirt/FG-IR-20-123	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.fortiguard.com/psirt/FG-IR-20-123	Vendor Advisory

Impacted products

	Vendor	Product	Version
	fortinet	fortiweb	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "866AC2A0-D1F6-4C7C-A9AE-94AB1DAB2C26",
              "versionEndIncluding": "6.3.5",
              "versionStartIncluding": "6.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cadena de formato en FortiWeb versiones 6.3.0 hasta 6.3.5, puede permitir a un atacante remoto autenticado leer el contenido de la memoria y recuperar datos confidenciales por medio del par\u00e1metro redir"
    }
  ],
  "id": "CVE-2020-29018",
  "lastModified": "2024-11-21T05:23:30.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-14T16:15:18.117",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-123"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-29018 (GCVE-0-2020-29018)

Vulnerability from cvelistv5

cnvd-2021-03526

Vulnerability from cnvd

var-202101-0503

Vulnerability from variot

gsd-2020-29018

Vulnerability from gsd

CERTFR-2021-AVI-003

Vulnerability from certfr_avis

Solution

ghsa-53jq-rch4-w6wr

Vulnerability from github

fkie_cve-2020-29018

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature