Description
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks).
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 3.2.2 (excluding)
cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
EPSS
- Score: 0.00203 (Low)
- Percentile: 42%
CVSS
- CVSS3: 5.6 Medium
- CVSS3: 5.3 Medium
- CVSS2: 5 Medium
Weaknesses
CWE-613
Related vulnerabilities
github
more than 3 years ago
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks).