Overview
- Description
- Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-787
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FF1C5C7-9E7C-4DBD-AF52-3B5C011E4A6C",
"versionEndIncluding": "3.1.4"
},
{
"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F485DCE0-8055-418B-A91D-F9D647F3BFD3",
"versionEndExcluding": "3.2.3",
"versionStartIncluding": "3.2.0"
}
],
"operator": "OR"
}
]
}
]