{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2020-29010","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2020-11-24T00:00:00.000Z","datePublished":"2025-03-17T13:06:16.993Z","dateUpdated":"2025-03-17T13:32:38.996Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiOS","cpes":["cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"6.2.1","lessThanOrEqual":"6.2.4","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.10","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by  executing \"get vpn ssl monitor\" from the CLI. The sensitive data includes usernames, user groups, and IP address."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2025-03-17T13:06:16.993Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-200","description":"Information disclosure","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.9,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiGate version 6.0.11 or above. \r\nPlease upgrade to FortiGate version 6.2.5 or above.\r\nPlease upgrade to FortiGate version 6.4.2 or above."}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-20-103","url":"https://fortiguard.fortinet.com/psirt/FG-IR-20-103"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-17T13:32:32.365720Z","id":"CVE-2020-29010","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-17T13:32:38.996Z"}}]}}