{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T11:26:04.894","vulnerabilities":[{"cve":{"id":"CVE-2020-6648","sourceIdentifier":"psirt@fortinet.com","published":"2020-10-21T14:15:20.387","lastModified":"2024-11-21T05:36:05.557","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the \"diag sys ha checksum show\" command."},{"lang":"es","value":"Un vulnerabilidad almacenamiento de información confidencial en texto sin cifrar en la interfaz de línea de comandos de FortiOS en las versiones 6.2.4 y anteriores y FortiProxy en las versiones versiones 2.0.0, 1.2.9 y anteriores, puede permitir a un atacante autenticado obtener información confidencial como las contraseñas de los usuarios al conectarse a la CLI de FortiGate y ejecutar el comando \"diag sys ha checksum show\""}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.10","matchCriteriaId":"D87AB8E6-5D58-4C4D-A465-29E756B0AA82"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F3DD97EA-92AD-4EB1-B731-261F40BFC4BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.12","matchCriteriaId":"DCF2FC57-1A6E-422B-9EB5-5A9EF683BDAB"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.5","matchCriteriaId":"B59A39D6-9494-4273-8348-1078A77DD796"}]}]}],"references":[{"url":"https://www.fortiguard.com/psirt/FG-IR-20-009","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://www.fortiguard.com/psirt/FG-IR-20-236","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://www.fortiguard.com/psirt/FG-IR-20-009","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.fortiguard.com/psirt/FG-IR-20-236","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}