216.73.216.36

CVE-2020-9295

· Published 17/03/2025 14:15 · Modified 17/03/2025 14:15

Labels: CVE-2020-9295 2025-03-17CVE-2020-9295CWE-358[email protected]

Essential information

Published
17/03/2025 14:15
Modified
17/03/2025 14:15
Author
Creator
CVSS
4.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CVSS metrics

Description

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Based on the samples provided, FortiClient will detect the malicious files upon trying extraction by real-time scanning and FortiGate will detect the malicious archive if Virus Outbreak Prevention is enabled.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortios cpe:2.3:a:fortinet:fortios:6.2:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:a:fortinet:fortios:6.4:*:*:*:*:*:*:*
fortinet / forticlient cpe:2.3:a:fortinet:forticlient:6.2:*:*:*:*:*:*:*

References