An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
CPE | Name | Operator | Version |
---|---|---|---|
fortisandbox | le | 3.1.4 | |
fortisandbox | ge | 3.2.0 | |
fortisandbox | lt | 3.2.3 |