PT-2021-11623 · Fortinet · Fortisandbox

Published

2021-09-08

Updated

2021-09-14

CVE-2020-29012

CVSS v3.1

5.6

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 3.2.1 and below

Description: The issue allows an attacker to reuse unexpired admin user session IDs, potentially gaining information about other users configured on the device, if the attacker can obtain the session ID through other means.

Recommendations: For FortiSandbox versions 3.2.1 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

CVE-2020-29012

Affected Products

Fortisandbox

PT-2021-11623 · Fortinet · Fortisandbox

CVE-2020-29012

Weakness Enumeration

Related Identifiers

Affected Products

References · 3