Vulnerability Description
FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Based on the samples provided, FortiClient will detect the malicious files upon trying extraction by real-time scanning and FortiGate will detect the malicious archive if Virus Outbreak Prevention is enabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Antivirus Engine | < 6.00145 |
| Fortinet | Fortios | >= 6.2.0, <= 6.4.16 |
| Fortinet | Forticlient | >= 6.0.0, <= 6.2.6 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-20-037Vendor Advisory
FAQ
What is CVE-2020-9295?
CVE-2020-9295 is a vulnerability with a CVSS score of 4.7 (MEDIUM). FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately det...
How severe is CVE-2020-9295?
CVE-2020-9295 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9295?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Antivirus Engine, Fortinet Fortios, Fortinet Forticlient.