PT-2021-7464 · Fortinet · Fortisandbox

Published 2021-08-03 · Updated 2021-08-10 · CVE-2020-29011

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiSandbox versions 3.1.0 through 3.1.4
FortiSandbox versions 3.2.0 through 3.2.2

Description

The issue stems from a lack of protection against SQL injection (attacks on SQL query structure) in the MTA adapter module for email message checking and the checksum search module of FortiSandbox. This may allow a remote attacker to execute arbitrary SQL code by sending specially crafted HTTP requests. An authenticated attacker can exploit the vulnerability to execute unauthorized code on the underlying SQL interpreter.

Recommendations

For FortiSandbox versions 3.1.0 through 3.1.4 and 3.2.0 through 3.2.2, consider disabling the checksum search and MTA-quarantine modules until a patch is available. As a temporary workaround, restrict access to the vulnerable modules to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2022-06514
CVE-2020-29011

Affected Products

Fortisandbox