An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fortisandbox | Fortinet | * | 3.1.5 (excluding) |
Fortisandbox | Fortinet | 3.2.0 (including) | 3.2.2 (excluding) |