Sensitive Information Disclosure via SNI Client Hello TLS Packets in Fortinet FortiGate

CVE-2020-15936 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

Learn more about our Cis Benchmark Audit For Fortinet.