FortiSandbox - Unauthorized user able to download the device configuration file.
Summary
An improper access control vulnerability (CWE-284) in FortiSandbox may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.
Affected Products
FortiSandbox version 3.2.1 and below.
FortiSandbox version 3.1.4 and below.
Solutions
Please upgrade to FortiSandbox version 4.0.0 or above.
Please upgrade to FortiSandbox version 3.2.2 or above.
Please upgrade to FortiSandbox version 3.1.5 or above.