SecuriTricks - CVE-2020-9295

Description

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Based on the samples provided, FortiClient will detect the malicious files upon trying extraction by real-time scanning and FortiGate will detect the malicious archive if Virus Outbreak Prevention is enabled.

Product(s) Impacted

Vendor	Product	Versions
Fortinet	Fortios Forticlient	6.2, 6.4 6.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-358

Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	fortinet	fortios	6.2	/	/	/	/	/	/	/
a	fortinet	fortios	6.4	/	/	/	/	/	/	/
a	fortinet	forticlient	6.2	/	/	/	/	/	/	/

References

https://fortiguard.com/psirt/FG-IR-20-037

CVSS Score

4.7 / 10

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Date

Published: March 17, 2025, 2:15 p.m.
Last Modified: March 17, 2025, 2:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

psirt@fortinet.com

CVE-2020-9295