CVE Vulnerabilities

CVE-2020-15939

Published: Sep 06, 2021 | Modified: Jul 12, 2022
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.

Affected Software

Name Vendor Start Version End Version
Fortisandbox Fortinet * 3.1.5 (excluding)
Fortisandbox Fortinet 3.2.0 (including) 3.2.2 (excluding)

References