===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3005
                       FortiSandbox Vulnerabilities
                             8 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiSandbox
Publisher:         FortiGuard Labs
Operating System:  Network Appliance
Impact/Access:     Denial of Service        -- Existing Account      
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-29013 CVE-2020-29012 

Original Bulletin: 
   https://fortiguard.com/psirt/FG-IR-20-070
   https://fortiguard.com/psirt/FG-IR-20-178

Comment: This bulletin contains two (2) FortiGuard Labs security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

FortiSandbox - Session ID does not expire after logout

IR Number    : FG-IR-20-070
Date         : Sep 7, 2021
Risk         : 3/5
CVSSv3 Score : 5.5
Impact       : Information Disclosure
CVE ID       : CVE-2020-29012
Affected Products: FortiSandbox: 3.2.1, 3.2.0

Summary

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox may
allow an attacker to reuse unexpired admin user session IDs to gain
information about other users configured on the device, should the attacker be
able to obtain such a session ID (via other, hypothetical attacks).

Affected Products

FortiSandbox versions 3.2.1 and below.

Solutions

Please upgrade to FortiSandbox version 3.2.2 or above.
Please upgrade to FortiSandbox version 4.0.0.
Workaround:
1. Disable HTTP and enable HTTPS to prevent intercepting the token over the
network.
2. Clear the browser cache/cookies after logging out to prevent the token from
being available on the local PC.
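
The two workarounds above limit exposure of the session ID; what actually closes a CWE-613 hole is server-side invalidation on logout plus idle and absolute lifetimes. The following is an added, constructed illustration (not Fortinet's code) of the vulnerable logout pattern beside the corrected one; the class, method names and timeout values are assumptions.

```python
import secrets
import time
# Constructed illustration of CWE-613, not FortiSandbox code: a session store
# whose logout really invalidates the ID and that enforces assumed lifetimes.
IDLE_TIMEOUT = 15 * 60       # seconds of inactivity before a session dies
ABSOLUTE_TIMEOUT = 8 * 3600  # hard cap on session lifetime regardless of use

class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock   # injectable clock so expiry can be tested
        self._sessions = {}   # sid -> {"user", "created", "last_seen"}

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # 256-bit unguessable session ID
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def resolve(self, sid):  # user bound to sid, or None if unknown/expired
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s["created"] > ABSOLUTE_TIMEOUT or now - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]   # purge rather than leave it resolvable
            return None
        s["last_seen"] = now
        return s["user"]

    def logout_cookie_only(self, sid):
        # The CWE-613 pattern: the browser is told to drop its cookie, but the
        # server record survives, so anyone holding a copy of sid stays admin.
        return "Set-Cookie: SESSIONID=; Max-Age=0"

    def logout(self, sid):
        # Correct: delete the server-side record, so a replayed ID is rejected.
        self._sessions.pop(sid, None)

def demo():
    t = [1_000_000.0]
    store = SessionStore(clock=lambda: t[0])
    sid = store.login("admin")
    store.logout_cookie_only(sid)
    still_valid = store.resolve(sid)    # "admin": the vulnerable outcome
    store.logout(sid)
    after_logout = store.resolve(sid)   # None: the fixed outcome
    sid2 = store.login("admin")
    t[0] += IDLE_TIMEOUT + 1
    after_idle = store.resolve(sid2)    # None: idle timeout enforced
    return still_valid, after_logout, after_idle
```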

Acknowledgement

Fortinet is pleased to thank Danilo Costa for reporting this vulnerability
under responsible disclosure.

--------------------------------------------------------------------------------

Insufficient validation logic in FortiSandbox sniffer's max file size

IR Number    : FG-IR-20-178
Date         : Sep 7, 2021
Risk         : 3/5
CVSSv3 Score : 5.3
Impact       : Denial of Service
CVE ID       : CVE-2020-29013
Affected Products: FortiSandbox: 3.2.1, 3.2.0

Summary

An improper input validation vulnerability in the sniffer interface of
FortiSandbox may allow an authenticated attacker to silently halt the sniffer
via specifically crafted requests.

Affected Products

FortiSandbox 3.2.1 and below.
FortiSandbox 3.1.4 and below.

Solutions

Upgrade to version 3.2.2. Upgrade to version 4.0.1.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product
Security Team.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================