Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-29010

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP address.

Published

2025-03-17T14:15:16.730

Last Modified

2025-07-24T20:15:46.223

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	fortinet	fortios	< 6.0.11	Yes
Operating System	fortinet	fortios	< 6.2.5	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-20-103 Vendor Advisory ([email protected])