FortiSandbox - Race condition vulnerability in command shell
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-185
Final
1
1
2021-07-07T00:00:00
Current version
2021-07-07T00:00:00
2021-07-07T00:00:00
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.
Memory corruption
FortiSandbox 3.2.1 and below. FortiSandbox 3.1.4 and below.
Upgrade to version 4.0.0 or above. Upgrade to version 3.2.2 or above.
Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team.
FortiSandbox 3.2.1
FortiSandbox 3.2.0
CVE-2020-29014
FortiSandbox-3.2.1
FortiSandbox-3.2.0
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-20-185