FortiSandbox - Predictable session IDs of JSON API
An instance of small space of random values in FortiSandbox RPC API may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
FortiSandbox version 3.2.2 and below.
FortiSandbox version 3.1.4 and below.
Upgrade to FortiSandbox version 4.0.0.
Upgrade to FortiSandbox version 3.2.3.