CVE-2024-31490: Sensitive Information Exposure in Fortinet FortiSandbox

Severity: 6.5 MEDIUM (NVD), 4.3 (CNA)
EPSS: 0.7% (top 28.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 10

Description

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2.2 through 3.2.4, and FortiSandbox 3.1.5 allows an attacker to cause information disclosure via HTTP GET requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | fortinet/fortisandbox | 3.2.2 | 4.2.7 | +2
CVEListV5 | fortinet/fortisandbox | 4.4.0 | 4.4.4 | +4

🔴 Vulnerability Details (3)

GHSA | GHSA-q6gr-fq83-8hmc: An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4 | 2024-09-10
CVEList | CVE-2024-31490: An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4 | 2024-09-10
OSV | frr vulnerabilities | 2024-06-05

📋 Vendor Advisories (1)

Fortinet | Sensitive files disclosure in diagnostic logs download | 2024-09-10