CVE-2020-29012
MEDIUM 5.6
Description
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks).
CVE details
CVSS v3.1 score: 5.6
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 9/8/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
fortinet:fortisandbox
Weaknesses (CWE)
CWE-613
References
https://fortiguard.com/advisory/FG-IR-20-070 (psirt@fortinet.com)
https://fortiguard.com/advisory/FG-IR-20-070 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.