COMPANY: Fortinet
HARDWARE DEVICE(s): FortiWeb Web Application Firewalls (WAF)
VENDOR LINK(s): https://www.fortiguard.com/psirt/FG-IR-20-125
CVEs: CVE-2020-29015, CVE-2020-29016, CVE-2020-29019 and CVE-2020-29018
OFFICIAL CVSS: 6.4 (Disputed by researcher: CVE-2020-29016 can allow code execution to be enabled, which typically means a CVSS of 9+.)
NOTES: The vulnerabilities were discovered in the FortiWeb administration interface. The researcher said the vulnerability disclosure process took 120 days.