CVE-2020-9295

EPSS 0.05%
Veröffentlicht 17.03.2025 13:40:48
Zuletzt bearbeitet 14.08.2025 21:11:34
Quelle psirt@fortinet.com
Teams Watchlist Login
Unerledigt Login

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Based on the samples provided, FortiClient will detect the malicious files upon trying extraction by real-time scanning and FortiGate will detect the malicious archive if Virus Outbreak Prevention is enabled.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Antivirus Engine Version < 6.00145

Fortinet ≫ Fortios Version >= 6.2.0 <= 6.4.16

Fortinet ≫ Antivirus Engine Version < 6.00145

Fortinet ≫ FortiClient SwPlatformwindows Version >= 6.0.0 <= 6.2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.153

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@fortinet.com	4.7	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

https://fortiguard.com/psirt/FG-IR-20-037

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-9295

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9295

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9295

EUVD