CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-26097
https://notcve.org/view.php?id=CVE-2021-26097
04 Aug 2021 — An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. Una neutralización inapropiada de los elementos especiales usados en una vulnerabilidad de comandos del Sistema Operativo en FortiSandbox versiones 3.2.0 hasta 3.2.2, versiones 3.1.0 hasta 3.1.4, y versi... • https://fortiguard.com/advisory/FG-IR-20-198 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-29011
https://notcve.org/view.php?id=CVE-2020-29011
04 Aug 2021 — Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests. Unas vulnerabilidades de Inyección de instancias SQL en los módulos de búsqueda de sumas de comprobación y de cuarentena MTA de FortiSandbox versiones 3.2.0 hasta 3.2.2, y versiones 3.1.0 hasta 3.1.4, pueden permitir a ... • https://fortiguard.com/advisory/FG-IR-20-171 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-24010
https://notcve.org/view.php?id=CVE-2021-24010
04 Aug 2021 — Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests. Unas vulnerabilidades de limitación inapropiada de una ruta de acceso a un directorio restringido en FortiSandbox versiones 3.2.0 hasta 3.2.2, y versiones 3.1.0 hasta 3.1.4, puede permitir a un usuario autenticado obtener acceso no autorizado a archivos y d... • https://fortiguard.com/advisory/FG-IR-20-202 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26098
https://notcve.org/view.php?id=CVE-2021-26098
04 Aug 2021 — An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs. Un espacio pequeño de valores aleatorios en la API RPC de FortiSandbox versiones anteriores a 4.0.0, podría permitir a un atacante en posesión de algunas piezas de información sobre el estado del dispositivo predecir posiblemente los ID de sesión válidos • https://fortiguard.com/advisory/FG-IR-20-218 • CWE-330: Use of Insufficiently Random Values •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22125
https://notcve.org/view.php?id=CVE-2021-22125
20 Jul 2021 — An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. Una instancia de neutralización inapropiada de elementos especiales en el módulo sniffer de FortiSandbox versiones anteriores a 3.2.2, puede permitir a un administrador autenticado ejecutar comandos en el shell del sistema subyacente por medio de la altera... • https://fortiguard.com/advisory/FG-IR-21-005 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29014
https://notcve.org/view.php?id=CVE-2020-29014
09 Jul 2021 — A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. Una ejecución concurrente usando recursos compartidos con una sincronización inapropiada ("race condition") en el shell de comandos de FortiSandbox versiones anteriores a 3.2.2, puede permitir a un atacante autenticado llevar el sis... • https://fortiguard.com/advisory/FG-IR-20-185 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •