FortiSandbox - Unauthorized user able to download the device configuration file.

2021-08-03T00:00:00
ID FG-IR-20-071
Type fortinet
Reporter FortiGuard Labs
Modified 2021-08-03T00:00:00

Description

An improper access control vulnerability (CWE-284) in FortiSandbox may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.