CVE-2020-29010: Infoleak
First published: Mon Mar 17 2025(Updated: )
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP address.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FortiOS | <=6.2.4<=6.0.10 |
Remedy
Please upgrade to FortiGate version 6.0.11 or above. Please upgrade to FortiGate version 6.2.5 or above. Please upgrade to FortiGate version 6.4.2 or above.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-29010?
CVE-2020-29010 is rated as a medium severity vulnerability due to the unauthorized access to sensitive VPN event logs.
How do I fix CVE-2020-29010?
To mitigate CVE-2020-29010, upgrade FortiOS to version 6.2.5 or later, or version 6.0.11 or later.
Who is affected by CVE-2020-29010?
CVE-2020-29010 affects users of FortiOS versions 6.2.4 and below, and 6.0.10 and below.
What can an attacker do in CVE-2020-29010?
An attacker exploiting CVE-2020-29010 can read SSL VPN event log entries of other users in different VDOMs.
Is CVE-2020-29010 exploitable remotely?
Yes, CVE-2020-29010 is exploitable remotely by authenticated users on the affected FortiOS versions.
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/type
- agent/remedy
- agent/description
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortios