CVE-2021-26096

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

Published: Aug 4, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-26096
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortisandbox	-	3.1.4.x
fortinet / fortisandbox	3.2.0	3.2.3

https://fortiguard.com/advisory/FG-IR-20-188

Vulnerability Database

289,871

CVE-2021-26096