FortiSandbox - Command injection in web interface

2021-08-0300:00:00

FortiGuard Labs

www.fortiguard.com

0.002 Low

EPSS

Percentile

62.1%

JSON

An improper neutralization of special elements used in an OS Command vulnerabilityÂ in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.

CPENameOperatorVersion
fortisandboxeq3.2.2
fortisandboxeq3.2.1
fortisandboxeq3.2.0
fortisandboxeq3.1.4
fortisandboxeq3.1.3
fortisandboxeq3.1.2
fortisandboxeq3.1.1
fortisandboxeq3.1.0
fortisandboxeq3.0.6
fortisandboxeq3.0.5

Name	Operator	Version
fortisandbox	eq	3.2.2
fortisandbox	eq	3.2.1
fortisandbox	eq	3.2.0
fortisandbox	eq	3.1.4
fortisandbox	eq	3.1.3
fortisandbox	eq	3.1.2
fortisandbox	eq	3.1.1
fortisandbox	eq	3.1.0
fortisandbox	eq	3.0.6
fortisandbox	eq	3.0.5

Rows per page:

1-10 of 151

0.002 Low

EPSS

Percentile

62.1%

JSON

Related for FG-IR-20-198