CVE-2020-15935 MEDIUM

Vendor Fortinet
Product Fortinet FortiADC
Published November 2, 2021
Last update October 25, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X

What the vulnerability does

01 Description

A cleartext storage of sensitive information vulnerability in the GUI of FortiADC versions 5.4.3 and below and 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information, such as users' LDAP passwords and the RADIUS shared secret, by deobfuscating the password entry fields.

Key dates

02 Disclosure timeline

November 2, 2021 CVE published
October 25, 2024 Record updated