Cyber Posture

CVE-2020-9295

Medium

Published: 17 March 2025

Modified: 14 August 2025
KEV Added
Patch
CVSS Score: 4.7 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
EPSS Score: 0.0030 (53.3rd percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may disable, degrade, or tamper with security tools or applications (e.

Security Summary

CVE-2020-9295 is a vulnerability in the antivirus engine of certain Fortinet products that causes the engine to fail to immediately detect specific malformed or non-standard RAR archives that may contain malicious files. It affects FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below, and FortiClient 6.2 running AV engine version 6.00137 and below.

A remote, unauthenticated attacker can exploit this over the network with low attack complexity by tricking a user into interacting with the malicious RAR archive, such as attempting to open or process it. This bypasses the initial detection scan, resulting in low integrity impact with a changed scope, as reflected in the CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). Exploitation requires user interaction, and later detection still applies: FortiClient will detect the malicious files during extraction via real-time scanning, and FortiGate will detect the archive if Virus Outbreak Prevention is enabled.

Mitigation details are available in the FortiGuard PSIRT advisory at https://fortiguard.com/psirt/FG-IR-20-037.

Details

CWE(s): CWE-358

Affected Products

fortinet antivirus engine: ≤ 6.00145 · ≤ 6.00145

MITRE ATT&CK Enterprise Techniques

T1685 · Disable or Modify Tools · Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.

Why these techniques?

The vulnerability allows bypassing initial AV detection for malformed RAR archives containing malicious files, facilitating evasion of security tools.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0
