FortiSandbox - Race condition vulnerability in command shell


A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.

Affected Products

FortiSandbox 3.2.1 and below. FortiSandbox 3.1.4 and below.


Upgrade to version 4.0.0 or above. Upgrade to version 3.2.2 or above.


Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team.