-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3005
                        FortiSandbox Vulnerabilities
                              8 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiSandbox
Publisher:         FortiGuard Labs
Operating System:  Network Appliance
Impact/Access:     Denial of Service        -- Existing Account
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-29013 CVE-2020-29012
Original Bulletin:
   https://fortiguard.com/psirt/FG-IR-20-070
   https://fortiguard.com/psirt/FG-IR-20-178

Comment: This bulletin contains two (2) FortiGuard Labs security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiSandbox - Session ID does not expire after logout

IR Number    : FG-IR-20-070
Date         : Sep 7, 2021
Risk         : 3/5
CVSSv3 Score : 5.5
Impact       : Information Disclosure
CVE ID       : CVE-2020-29012

Affected Products: FortiSandbox: 3.2.1, 3.2.0

Summary

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox may
allow an attacker to reuse the unexpired admin user session IDs to gain
information about other users configured on the device, should the attacker be
able to obtain that session ID (via other, hypothetical attacks).

Affected Products

FortiSandbox versions 3.2.1 and below.

Solutions

Please upgrade to FortiSandbox version 3.2.2 or above.
Please upgrade to FortiSandbox version 4.0.0.

Workaround:

1. Disable HTTP and enable HTTPS to prevent intercepting the token over the
   network.
2. Clear the browser cache/cookies after logging out to prevent the token from
   being available on the local PC.
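The defect class behind FG-IR-20-070, insufficient session expiration (CWE-613), shown as an added example that is not Fortinet's code and does not reproduce FortiSandbox internals. It places a flawed session store, whose logout only tells the browser to drop the cookie, beside a hardened one that destroys the server-side record on logout and enforces idle and absolute lifetimes. The user directory, the `list_users` admin endpoint, and the 15-minute idle and 8-hour absolute timeouts are constructed assumptions for the demonstration.

```python
"""Added example (not Fortinet's code): server-side session handling with and
without the CWE-613 defect described in FG-IR-20-070.

All names, data and lifetimes below are constructed for illustration."""
import secrets
import time

# Constructed directory of configured users: the kind of data the advisory
# says an unexpired admin session could disclose.
USERS = {"admin": "super_admin", "auditor": "read_only", "ops": "operator"}

IDLE_TIMEOUT = 15 * 60       # assumption: 15 minutes without activity
ABSOLUTE_TIMEOUT = 8 * 3600  # assumption: 8 hours since login


class LeakySessionStore:
    """Flawed pattern: logout clears the browser cookie but the server keeps
    the session record, so any copy of the ID stays valid indefinitely."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user}
        return sid

    def logout(self, sid):
        # Defect: the server-side record is never removed (CWE-613).
        return "Set-Cookie: session=; Max-Age=0"

    def user_for(self, sid):
        rec = self._sessions.get(sid)
        return rec["user"] if rec else None


class ExpiringSessionStore:
    """Hardened pattern: logout invalidates the record on the server, and
    every lookup enforces both an idle and an absolute lifetime."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}
        self._clock = clock  # injectable so expiry can be exercised offline

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def logout(self, sid):
        self._sessions.pop(sid, None)  # the ID is dead from this point on
        return "Set-Cookie: session=; Max-Age=0"

    def user_for(self, sid):
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        too_old = now - rec["created"] > ABSOLUTE_TIMEOUT
        too_idle = now - rec["last_seen"] > IDLE_TIMEOUT
        if too_old or too_idle:
            del self._sessions[sid]  # purge rather than leave it reachable
            return None
        rec["last_seen"] = now
        return rec["user"]


def list_users(store, sid):
    """Constructed admin-only endpoint: returns the user directory when the
    presented session ID resolves to the admin user, otherwise None."""
    if store.user_for(sid) != "admin":
        return None
    return dict(USERS)


def session_usable_after_logout(store):
    """Check: does an admin session ID still reach the endpoint after logout?
    True is the CWE-613 condition; a correct store returns False."""
    sid = store.login("admin")
    store.logout(sid)
    return list_users(store, sid) is not None


class FakeClock:
    """Deterministic clock so idle expiry can be tested without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def session_usable_after_idle(idle_seconds):
    """Check: is an admin session still honoured after idle_seconds of silence?"""
    clock = FakeClock()
    store = ExpiringSessionStore(clock=clock)
    sid = store.login("admin")
    clock.now += idle_seconds
    return list_users(store, sid) is not None


if __name__ == "__main__":
    print("leaky store honours ID after logout:",
          session_usable_after_logout(LeakySessionStore()))
    print("expiring store honours ID after logout:",
          session_usable_after_logout(ExpiringSessionStore()))
    print("expiring store honours ID after 16 min idle:",
          session_usable_after_idle(16 * 60))
```

The two workaround steps in the advisory reduce exposure of the token in transit and on the client; the server-side invalidation shown here is the change that removes the root cause, because a token that no longer resolves to a session record is worthless however it was obtained.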
Acknowledgement

Fortinet is pleased to thank Danilo Costa for reporting this vulnerability
under responsible disclosure.

- --------------------------------------------------------------------------------

Insufficient validation logic in FortiSandbox sniffer's max file size

IR Number    : FG-IR-20-178
Date         : Sep 7, 2021
Risk         : 3/5
CVSSv3 Score : 5.3
Impact       : Denial of Service
CVE ID       : CVE-2020-29013

Affected Products: FortiSandbox: 3.2.1, 3.2.0

Summary

An improper input validation vulnerability in the sniffer interface of
FortiSandbox may allow an authenticated attacker to silently halt the sniffer
via specifically crafted requests.

Affected Products

FortiSandbox 3.2.1 and below.
FortiSandbox 3.1.4 and below.

Solutions

Upgrade to version 3.2.2.
Upgrade to version 4.0.1.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product
Security Team.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST). On call after hours for member
                emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYTgAFONLKJtyKPYoAQiW9A//TPrg46ur2flyHx7vcOdOIVa0/1Gq6s9S
r8D3v3EkEMiyPibTecSSgk+sv6VOKo0XRXRNkhfJRccpjo9Ul1IaporiZcXAgnsB
5qx7AmxfbVyH7P47weFwPCE6DS6aEynrwIuyxw6+x8NVLurltrvxru7lZXrVtneK
t4Uy3ws/UEgsZIXNJU2yGDM/wwpfDl+fCdu4Nn8CcWmVJ+sKZEHvkRL5bRnja1EB
HTCgFrWsuL98N3mFvAlAYTTlUteqhYIuitU5zy8mj4Jqa0z13QspAzN/uAvZP7HQ
WGHIve6rpR8lI7IvyK0eGw+TU+JvTSrI9AqjIXbPRvNnoi/cyBaOh1EzFXdqdBIA
6NjMaRJi6EMKPzdA53Z+ubD4nIJsQN+R8fdZUVfJXoS25L1eVb+MqrqDbMB9UFQh
w+Q7u+sQOxP6LgkOdC17vjbrSv7aYH3ftZ6CS/kI3zfT7/YlK1ogOwtrV2JSJ2bH
Dz1byeE2TG6eYEhOwERq0K17H7Cxt8b827mLO5GQTohRms9TpnDJubDLPoC8MG3Z
58tdsjliU+I7p6JNL9zlcWwaQThW3YZPqqULkw1jixj5whT5fwdpfuWT2b+j8Iwf
CX3lLJz0aZA1ST3tM3R/wl2mh0F5JDBmHGD6K3Wr1rsP2vYq6sNLkc6JVbhDCBVd
madkfAuZr0w=
=YSTy
-----END PGP SIGNATURE-----