The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
Base Score: 2.6
Impact Score: 2.9
Exploitability Score: 4.9
Base Score: 7.5
Impact Score: 3.6
Exploitability Score: 3.9
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions up to 6.2.1 (inclusive)