Description
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low
E
X
RL
X
RC
X
Affected products
- fortinet / Fortinet FortiSandboxFortiSandbox before 4.0.0 – FortiSandbox before 4.0.0