vulnerability

Fortinet FortiOS: Cleartext Storage of Sensitive Information (CVE-2020-6648)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Oct 21, 2020	Oct 29, 2020	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Oct 21, 2020

Added

Oct 29, 2020

Modified

Aug 11, 2025

Description

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.

Solutions

fortios-upgrade-6_0_12fortios-upgrade-6_2_5

References

CVE-2020-6648
https://attackerkb.com/topics/CVE-2020-6648
CWE-312
URL-https://www.fortiguard.com/psirt/FG-IR-20-009
URL-https://www.fortiguard.com/psirt/FG-IR-20-236

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today