

Rewterz Threat Advisory – CVE-2021-38540 – Apache Airflow Security Vulnerability
September 10, 2021
Rewterz Threat Alert – Phobos Ransomware – Active IOCs
September 10, 2021
Severity
Medium
Analysis Summary
CVE-2020-29012
Fortinet FortiSandbox could allow a remote attacker to obtain sensitive information because of insufficient session expiration. By reusing unexpired admin user session IDs, a remote attacker could exploit this vulnerability to obtain sensitive information about other users configured on the device, and then use that information to launch further attacks against the affected system.
Impact
- Information Theft
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiSandbox 2.0.4
- Fortinet FortiSandbox 2.4.1
- Fortinet FortiSandbox 2.5.0
- Fortinet FortiSandbox 2.5.1
- Fortinet FortiSandbox 3.2.1
- Fortinet FortiSandbox 3.0.6
Remediation
Refer to FortiGuard Advisory FG-IR-20-070 for the patch, upgrade, or suggested workaround information.