ID

VAR-202409-0983


CVE

CVE-2024-31490


TITLE

Vulnerability in Fortinet FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2024-008767

DESCRIPTION

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox versions 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, 4.0.0 through 4.0.5, 3.2.2 through 3.2.4, and 3.1.5 allows an attacker to cause information disclosure via HTTP GET requests. Fortinet FortiSandbox contains an unspecified vulnerability. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2024-31490 // JVNDB: JVNDB-2024-008767

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lt, version: 4.2.7

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lt, version: 4.4.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 3.1.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.2.2

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.4.0

Trust: 1.0

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.2.2 or later and before 4.2.7

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.1.5

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 4.4.0 or later and before 4.4.5

Trust: 0.8

sources: JVNDB: JVNDB-2024-008767 // NVD: CVE-2024-31490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-31490
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2024-31490
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-31490
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-31490
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2024-31490
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-31490
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-008767 // NVD: CVE-2024-31490 // NVD: CVE-2024-31490

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype: Information leak (CWE-200) [Other]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008767 // NVD: CVE-2024-31490

PATCH

title: FG-IR-24-051, url: https://fortiguard.com/psirt/FG-IR-24-051

Trust: 0.8

sources: JVNDB: JVNDB-2024-008767

EXTERNAL IDS

db: NVD, id: CVE-2024-31490

Trust: 2.6

db: JVNDB, id: JVNDB-2024-008767

Trust: 0.8

sources: JVNDB: JVNDB-2024-008767 // NVD: CVE-2024-31490

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-24-051

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-31490

Trust: 0.8

sources: JVNDB: JVNDB-2024-008767 // NVD: CVE-2024-31490

SOURCES

db: JVNDB, id: JVNDB-2024-008767
db: NVD, id: CVE-2024-31490

LAST UPDATE DATE

2024-09-25T23:21:59.251000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-008767, date: 2024-09-24T05:33:00
db: NVD, id: CVE-2024-31490, date: 2024-09-20T19:48:42.507

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-008767, date: 2024-09-24T00:00:00
db: NVD, id: CVE-2024-31490, date: 2024-09-10T15:15:15.983