{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-12820", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2020-05-12T00:00:00.000Z", "datePublished": "2024-12-19T10:57:31.517Z", "dateUpdated": "2024-12-20T17:25:13.362Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiOS", "cpes": ["cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.10", "status": "affected"}, {"versionType": "semver", "version": "5.6.0", "lessThanOrEqual": "5.6.12", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-12-19T10:57:31.517Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS versions 5.6.13 or above.\r\nPlease upgrade to FortiOS versions 6.0.11 or above. \r\nFortiOS versions 6.2.0 and above are not impacted. \r\nFortiOS versions 6.4.0 and above are not impacted. \r\nWorkaround: \r\nPlease ensure that Fortiheartbeat and Endpoint-Compliance are not both enabled on the same interface. \r\nFortiHeartbeat and Endpoint-Compliance can be disabled on a particular interface by following the below CLI commands:\r\nconfig system interface\r\nedit interface\r\nset endpoint-compliance disable (<-- Disabled by default)\r\nset fortiheartbeat disable\r\nnext\r\nend"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-083", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-083"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-20T17:24:49.607607Z", "id": "CVE-2020-12820", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-20T17:25:13.362Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-12820", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-20T17:24:49.607607Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-20T17:24:58.263Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:X/RC:X", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiOS", "versions": [{"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.10"}, {"status": "affected", "version": "5.6.0", "versionType": "semver", "lessThanOrEqual": "5.6.12"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS versions 5.6.13 or above.\r\nPlease upgrade to FortiOS versions 6.0.11 or above. \r\nFortiOS versions 6.2.0 and above are not impacted. \r\nFortiOS versions 6.4.0 and above are not impacted. \r\nWorkaround: \r\nPlease ensure that Fortiheartbeat and Endpoint-Compliance are not both enabled on the same interface. \r\nFortiHeartbeat and Endpoint-Compliance can be disabled on a particular interface by following the below CLI commands:\r\nconfig system interface\r\nedit interface\r\nset endpoint-compliance disable (<-- Disabled by default)\r\nset fortiheartbeat disable\r\nnext\r\nend"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-083", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-083"}], "descriptions": [{"lang": "en", "value": "Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-12-19T10:57:31.517Z"}}}, "cveMetadata": {"cveId": "CVE-2020-12820", "state": "PUBLISHED", "dateUpdated": "2024-12-20T17:25:13.362Z", "dateReserved": "2020-05-12T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-12-19T10:57:31.517Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C8DACBF-C9D5-4898-8294-DB887A28A9C7", "versionEndExcluding": "5.6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "D44B5E8F-6093-4E84-9197-4530032E5B5A", "versionEndExcluding": "6.0.11", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter."}, {"lang": "es", "value": "En una configuraci\u00f3n no predeterminada, un desbordamiento de b\u00fafer basado en pila en FortiOS versi\u00f3n 6.0.10 y anteriores, versi\u00f3n 5.6.12 y anteriores puede permitir que un atacante remoto autenticado en la VPN SSL bloquee el daemon NAC de FortiClient (fcnacd) y potencialmente ejecute c\u00f3digo arbitrario mediante la solicitud de un nombre de archivo FortiClient grande. No tenemos conocimiento de ning\u00fan c\u00f3digo de prueba de concepto que logre esto \u00faltimo con \u00e9xito."}], "id": "CVE-2020-12820", "lastModified": "2025-01-21T20:42:17.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-19T11:15:05.700", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-083"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}