What is CVE-2020-9294?

CVE-2020-9294 is a vulnerability in Fortinet Fortimail. Published 2020-04-27.

Is CVE-2020-9294 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fortinet Fortimail

CVE-2020-9294

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password…

EPSS: 0.801 (99.1th percentile) — read the EPSS interpretation.

Affected products

Fortinet Fortimail — versions 5.4.10, 6.0.7, 6.2.2 and earlier
Fortinet Fortivoiceenterprise — versions 6.0.0, 6.0.1

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon
zhanpengliu-tencent/medium-cve

References

fortiguard.com/psirt/FG-IR-20-045 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-9294?: CVE-2020-9294 is a vulnerability in Fortinet Fortimail. Published 2020-04-27.
Is CVE-2020-9294 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.