CVE-2021-26096

Published: Aug 4, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

Affected (2)

Products: Fortinet: Fortisandbox

Fortinet

1 product

Fortisandbox

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortisandbox	Up to 3.1.4
Fortinet Fortisandbox	From 3.2.0 to 3.2.3

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://fortiguard.com/advisory/FG-IR-20-188

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-20-188

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.