Lucene search

FortinetCVELIST:CVE-2020-29014

HistoryJul 09, 2021 - 6:26 p.m.

CVE-2020-29014

2021-07-0918:26:29

fortinet

www.cve.org

cve-2020-29014

fortisandbox

command shell

improper synchronization

system unresponsiveness

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

34.6%

JSON

A concurrent execution using shared resource with improper synchronization (‘race condition’) in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.

CNA Affected

[
  {
    "product": "Fortinet FortiSandbox",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiSandbox before 3.2.2"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-20-185