Lucene search

K

7 matches found

CVE
CVE
added 2021/07/09 7:15 p.m.66 views

CVE-2020-29014

A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.

6.3CVSS5.3AI score0.00497EPSS
CVE
CVE
added 2021/09/06 4:15 p.m.54 views

CVE-2020-15939

An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.

4.3CVSS4.5AI score0.00227EPSS
CVE
CVE
added 2019/04/09 9:29 p.m.51 views

CVE-2018-1356

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.

6.1CVSS6.2AI score0.00233EPSS
CVE
CVE
added 2021/08/04 4:15 p.m.43 views

CVE-2021-26097

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP ...

8.8CVSS8.8AI score0.00434EPSS
CVE
CVE
added 2021/07/20 11:15 a.m.36 views

CVE-2021-22125

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.

9CVSS7AI score0.00306EPSS
CVE
CVE
added 2021/09/08 11:15 a.m.34 views

CVE-2020-29012

An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetica...

5.6CVSS5.2AI score0.00203EPSS
CVE
CVE
added 2021/08/04 4:15 p.m.30 views

CVE-2020-29011

Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.

8.8CVSS9.1AI score0.00361EPSS