ID

VAR-202109-1923


CVE

CVE-2020-29013


TITLE

FortiSandbox  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-019576

DESCRIPTION

An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. FortiSandbox There is an input validation vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2020-29013 // JVNDB: JVNDB-2021-019576 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-375140

AFFECTED PRODUCTS

vendor:fortinetmodel:fortisandboxscope:eqversion:3.2.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:lteversion:3.1.4

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:eqversion:3.2.1

Trust: 1.0

vendor:フォーティネットmodel:fortisandboxscope:eqversion:3.2.2

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019576 // NVD: CVE-2020-29013

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-29013
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2020-29013
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-29013
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202109-291
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-375140
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-29013
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-375140
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-29013
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-019576
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-375140 // JVNDB: JVNDB-2021-019576 // CNNVD: CNNVD-202109-291 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-29013 // NVD: CVE-2020-29013

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-375140 // JVNDB: JVNDB-2021-019576 // NVD: CVE-2020-29013

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-291

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202109-291

PATCH

title:FG-IR-20-178url:https://www.fortiguard.com/psirt/FG-IR-20-178

Trust: 0.8

title:Fortinet FortiSandbox Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161589

Trust: 0.6

sources: JVNDB: JVNDB-2021-019576 // CNNVD: CNNVD-202109-291

EXTERNAL IDS

db:NVDid:CVE-2020-29013

Trust: 3.3

db:JVNDBid:JVNDB-2021-019576

Trust: 0.8

db:CS-HELPid:SB2021090717

Trust: 0.6

db:AUSCERTid:ESB-2021.3005

Trust: 0.6

db:CNNVDid:CNNVD-202109-291

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULHUBid:VHN-375140

Trust: 0.1

sources: VULHUB: VHN-375140 // JVNDB: JVNDB-2021-019576 // CNNVD: CNNVD-202109-291 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-29013

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-20-178

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-29013

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2020-29013/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3005

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090717

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

sources: VULHUB: VHN-375140 // JVNDB: JVNDB-2021-019576 // CNNVD: CNNVD-202109-291 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-29013

SOURCES

db:VULHUBid:VHN-375140
db:JVNDBid:JVNDB-2021-019576
db:CNNVDid:CNNVD-202109-291
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2020-29013

LAST UPDATE DATE

2024-08-14T13:06:48.854000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-375140date:2022-04-13T00:00:00
db:JVNDBid:JVNDB-2021-019576date:2023-08-04T05:12:00
db:CNNVDid:CNNVD-202109-291date:2022-04-14T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2020-29013date:2022-04-13T17:57:16.327

SOURCES RELEASE DATE

db:VULHUBid:VHN-375140date:2022-04-06T00:00:00
db:JVNDBid:JVNDB-2021-019576date:2023-08-04T00:00:00
db:CNNVDid:CNNVD-202109-291date:2021-09-07T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2020-29013date:2022-04-06T09:15:07.977