Improper Input Validation in FortiSandbox Sniffer Interface
CVE-2020-29013

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortisandbox
Vendor: CVE Published:; 6 April 2022

Summary

FortiSandbox, a product by Fortinet, has a vulnerability within its sniffer interface that arises from improper input validation. This flaw allows an authenticated attacker to exploit the system by sending specifically crafted requests, which can lead to the silent halting of the sniffer functionality. This vulnerability stresses the importance of robust input validation in order to safeguard against unauthorized disruptions and potential abuse of the system.

Affected Version(s)

Fortinet FortiSandbox FortiSandbox before 3.2.2

References

https://fortiguard.com/advisory/FG-IR-20-178

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2022
Vulnerability Reserved
Nov 24, 2020