Fortisandbox@3.1.4 Security Vulnerabilities and Issues — Fortisandbox@3.1.4 CVE List

Lucene search

FortinetFortisandbox3.1.4

5 matches found

CVE•added 2021/08/04 2:15 p.m.•66 views

CVE-2021-26098

An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.

7.5CVSS7.3AI score0.00306EPSS

CVE•added 2021/08/04 7:15 p.m.•61 views

CVE-2021-24014

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.

6.1CVSS6.2AI score0.00444EPSS

CVE•added 2025/03/24 4:15 p.m.•53 views

CVE-2021-26105

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.

8.8CVSS7.8AI score0.00102EPSS

CVE•added 2021/08/04 6:15 p.m.•52 views

CVE-2021-26096

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

8.8CVSS8.8AI score0.00525EPSS

CVE•added 2022/04/06 9:15 a.m.•43 views

CVE-2020-29013

An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.

5.5CVSS5.3AI score0.00402EPSS