ID

VAR-202107-0231


CVE

CVE-2020-29014


TITLE

Race Vulnerability in FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2021-008987

DESCRIPTION

A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. FortiSandbox is vulnerable to a race condition and may be put into a denial-of-service (DoS) state. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2020-29014 // JVNDB: JVNDB-2021-008987 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-375141 // VULMON: CVE-2020-29014

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lt, version: 3.2.2

Trust: 1.0

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.2.2

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008987 // NVD: CVE-2020-29014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-29014
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2020-29014
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-29014
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-555
value: MEDIUM

Trust: 0.6

VULHUB: VHN-375141
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-29014
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-29014
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-375141
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-29014
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2020-29014
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-29014
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-375141 // VULMON: CVE-2020-29014 // JVNDB: JVNDB-2021-008987 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-555 // NVD: CVE-2020-29014 // NVD: CVE-2020-29014

PROBLEMTYPE DATA

problemtype: CWE-362

Trust: 1.1

problemtype: Race condition (CWE-362) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-375141 // JVNDB: JVNDB-2021-008987 // NVD: CVE-2020-29014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-555

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: FG-IR-20-185, url: https://fortiguard.com/advisory/FG-IR-20-185

Trust: 0.8

sources: JVNDB: JVNDB-2021-008987

EXTERNAL IDS

db: NVD, id: CVE-2020-29014

Trust: 3.4

db: JVNDB, id: JVNDB-2021-008987

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021071407

Trust: 0.6

db: CNNVD, id: CNNVD-202107-555

Trust: 0.6

db: VULHUB, id: VHN-375141

Trust: 0.1

db: VULMON, id: CVE-2020-29014

Trust: 0.1

sources: VULHUB: VHN-375141 // VULMON: CVE-2020-29014 // JVNDB: JVNDB-2021-008987 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-555 // NVD: CVE-2020-29014

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-20-185

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-29014

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021071407

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/362.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-375141 // VULMON: CVE-2020-29014 // JVNDB: JVNDB-2021-008987 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-555 // NVD: CVE-2020-29014

SOURCES

db: VULHUB, id: VHN-375141
db: VULMON, id: CVE-2020-29014
db: JVNDB, id: JVNDB-2021-008987
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-555
db: NVD, id: CVE-2020-29014

LAST UPDATE DATE

2024-08-14T13:15:38.683000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-375141, date: 2021-07-12T00:00:00
db: VULMON, id: CVE-2020-29014, date: 2021-07-12T00:00:00
db: JVNDB, id: JVNDB-2021-008987, date: 2022-04-01T09:09:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-555, date: 2021-07-14T00:00:00
db: NVD, id: CVE-2020-29014, date: 2021-07-12T13:56:55.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-375141, date: 2021-07-09T00:00:00
db: VULMON, id: CVE-2020-29014, date: 2021-07-09T00:00:00
db: JVNDB, id: JVNDB-2021-008987, date: 2022-04-01T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-555, date: 2021-07-09T00:00:00
db: NVD, id: CVE-2020-29014, date: 2021-07-09T19:15:08