What is CVE-2020-15933?

CVE-2020-15933 is a vulnerability that allows an unauthorized actor to obtain potentially sensitive software-version information in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, and FortiMail versions 6.4.1 and 6.4.0.

How severe is CVE-2020-15933?

CVE-2020-15933 has a severity rating of 5.3, which is considered medium.

How can an unauthorized actor exploit CVE-2020-15933?

An unauthorized actor can exploit CVE-2020-15933 by inspecting client-side resources to obtain potentially sensitive software-version information.

Is there a fix for CVE-2020-15933?

Yes, Fortinet has released updates to address the vulnerability in FortiMail versions 6.0.10, 6.2.5, and 6.4.2. It is recommended to update to the latest version to mitigate the risk.

Vulnerability/
CVE-2020-15933

medium

5.3

CWE

200

5/1/2022

25/10/2024

CVE-2020-15933: Infoleak

Q: What is the affected software for CVE-2020-15933?

The affected software for CVE-2020-15933 includes Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, and FortiMail versions 6.4.1 and 6.4.0.

First published: Wed Jan 05 2022(Updated: )

A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiMail	<=6.0.9
Fortinet FortiMail	=6.2.0
Fortinet FortiMail	=6.2.1
Fortinet FortiMail	=6.2.2
Fortinet FortiMail	=6.2.3
Fortinet FortiMail	=6.2.4
Fortinet FortiMail	=6.4.0
Fortinet FortiMail	=6.4.1

Remedy

https://fortiguard.com/psirt/FG-IR-20-105

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-20-105

Frequently Asked Questions

What is CVE-2020-15933?
CVE-2020-15933 is a vulnerability that allows an unauthorized actor to obtain potentially sensitive software-version information in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, and FortiMail versions 6.4.1 and 6.4.0.
How severe is CVE-2020-15933?
CVE-2020-15933 has a severity rating of 5.3, which is considered medium.
What is the affected software for CVE-2020-15933?
The affected software for CVE-2020-15933 includes Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, and FortiMail versions 6.4.1 and 6.4.0.
How can an unauthorized actor exploit CVE-2020-15933?
An unauthorized actor can exploit CVE-2020-15933 by inspecting client-side resources to obtain potentially sensitive software-version information.
Is there a fix for CVE-2020-15933?
Yes, Fortinet has released updates to address the vulnerability in FortiMail versions 6.0.10, 6.2.5, and 6.4.2. It is recommended to update to the latest version to mitigate the risk.

collector/nvd-index
agent/weakness
agent/type
agent/description
agent/author
agent/references
agent/severity
agent/event
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/fortinet
canonical/fortinet fortimail
version/fortinet fortimail/6.0.9
version/fortinet fortimail/6.2.0
version/fortinet fortimail/6.2.1
version/fortinet fortimail/6.2.2
version/fortinet fortimail/6.2.3
version/fortinet fortimail/6.2.4
version/fortinet fortimail/6.4.0
version/fortinet fortimail/6.4.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.