Description
A small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker who holds a few pieces of information about the state of the device to predict valid session IDs.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
- E: Physical
- RL: X
- RC: X
Affected products
- fortinet / Fortinet FortiSandbox: FortiSandbox before 4.0.0