PT-2021-9844 · Fortinet · FortiSandbox
Published: 2021-09-06 · Updated: 2022-07-12
CVE-2020-15939
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiSandbox versions 3.1.4 and below
FortiSandbox versions 3.2.1 and below
Description
An improper access control issue may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.
Recommendations
For FortiSandbox versions 3.1.4 and below, restrict access to the recovery URL to prevent unauthorized downloads of the device configuration file.
For FortiSandbox versions 3.2.1 and below, consider disabling access to the recovery URL until a fix is available.
Fix
Related Identifiers
Affected Products
FortiSandbox