CVE-2020-9295

MEDIUM

FortiOS <6.2-6.4 - Code Injection

Title source: llm

Description

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious files. Based on the samples provided, FortiClient will detect the malicious files upon trying extraction by real-time scanning and FortiGate will detect the malicious archive if Virus Outbreak Prevention is enabled.

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-20-037

Scores

CVSS v3 4.7

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-358

Status published

Products (1)

fortinet/antivirus_engine < 6.00145

Published Mar 17, 2025

Tracked Since Feb 18, 2026