What is the severity of CVE-2024-31490?

CVE-2024-31490 has a severity rating that indicates a medium risk due to exposure of sensitive information.

How do I fix CVE-2024-31490?

To fix CVE-2024-31490, update Fortinet FortiSandbox to version 4.4.5 or above, 4.2.7 or above, or apply other relevant patches.

What versions of FortiSandbox are affected by CVE-2024-31490?

CVE-2024-31490 affects FortiSandbox versions from 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, 4.0.0 through 4.0.5, 3.2.2 through 3.2.4, and 3.1.5.

What type of attack is associated with CVE-2024-31490?

CVE-2024-31490 allows an unauthorized actor to perform information disclosure via HTTP GET requests.

Is there a workaround for CVE-2024-31490?

There is no documented workaround for CVE-2024-31490, so upgrading to a non-vulnerable version is recommended.

Vulnerability/
CVE-2024-31490

medium

6.5

CWE

200

10/9/2024

20/9/2024

CVE-2024-31490: Sensitive files disclosure in diagnostic logs download

First published: Tue Sep 10 2024(Updated: )

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiSandbox Firmware	>=3.2.2<4.2.7
Fortinet FortiSandbox Firmware	>=4.4.0<4.4.5
Fortinet FortiSandbox Firmware	=3.1.5
Fortinet FortiSandbox Firmware	>=4.4.0<=4.4.4
Fortinet FortiSandbox Firmware	>=4.2.0<=4.2.6
Fortinet FortiSandbox Firmware	>=4.0
Fortinet FortiSandbox Firmware	>=3.2.2<=3.2.4
Fortinet FortiSandbox Firmware	=.

Remedy

Please upgrade to FortiSandbox version 4.4.5 or above Please upgrade to FortiSandbox version 4.2.7 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-31490?
CVE-2024-31490 has a severity rating that indicates a medium risk due to exposure of sensitive information.
How do I fix CVE-2024-31490?
To fix CVE-2024-31490, update Fortinet FortiSandbox to version 4.4.5 or above, 4.2.7 or above, or apply other relevant patches.
What versions of FortiSandbox are affected by CVE-2024-31490?
CVE-2024-31490 affects FortiSandbox versions from 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, 4.0.0 through 4.0.5, 3.2.2 through 3.2.4, and 3.1.5.
What type of attack is associated with CVE-2024-31490?
CVE-2024-31490 allows an unauthorized actor to perform information disclosure via HTTP GET requests.
Is there a workaround for CVE-2024-31490?
There is no documented workaround for CVE-2024-31490, so upgrading to a non-vulnerable version is recommended.

collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-31490
agent/first-publish-date
agent/title
agent/remedy
agent/weakness
agent/references
agent/type
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/description
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/fortiguard-psirt
vendor/fortinet
canonical/fortinet fortisandbox firmware
version/fortinet fortisandbox firmware/3.2.2
version/fortinet fortisandbox firmware/4.4.0
version/fortinet fortisandbox firmware/3.1.5
version/fortinet fortisandbox firmware/4.4.4
version/fortinet fortisandbox firmware/4.2.0
version/fortinet fortisandbox firmware/4.2.6
version/fortinet fortisandbox firmware/4.0
version/fortinet fortisandbox firmware/3.2.4
version/fortinet fortisandbox firmware/.