CVE-2020-29012 MEDIUM

CVE-2020-29012

Vendor Fortinet
Product Fortinet FortiSandbox
Published September 8, 2021
Last update October 25, 2024

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X

What the vulnerability does

01Description

An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)

Key dates

02Disclosure timeline

September 8, 2021 CVE published
October 25, 2024 Record updated