Fortinet FortiSandbox up to 3.1.4/3.2.1 Recovery URL information disclosure

Summaryinfo

A vulnerability classified as problematic was found in Fortinet FortiSandbox up to 3.1.4/3.2.1. This vulnerability affects unknown code of the component Recovery URL Handler. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2020-15939. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Fortinet FortiSandbox up to 3.1.4/3.2.1. It has been rated as problematic. Affected by this issue is an unknown function of the component Recovery URL Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.

The weakness was disclosed 09/07/2021 as FG-IR-20-071. The advisory is available at fortiguard.com. This vulnerability is handled as CVE-2020-15939. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

Upgrading to version 3.1.5, 3.2.2 or 4.0.0 eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Fortinet

Name

• FortiSandbox

Version

• 3.1.0
• 3.1.1
• 3.1.2
• 3.1.3
• 3.1.4
• 3.2.0
• 3.2.1

License

• commercial

Website

• Vendor: https://www.fortinet.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion