Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortisandbox vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-22125
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox prior to 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.
Fortinet Fortisandbox
7.8
CVSSv2
CVE-2021-22124
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 up to and including 3.2.2, 3.1.0 up to and including 3.1.4, and 3.0.0 up to and including 3.0.6; and FortiAuthenticator prior to 6.0.6 may allow an unauthenticated ma...
Fortinet Fortiauthenticator
Fortinet Fortisandbox
6.5
CVSSv2
CVE-2021-26096
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox prior to 4.0.0 may allow an authenticated malicious user to manipulate memory and alter its content by means of specifically crafted command line arguments.
Fortinet Fortisandbox
6.5
CVSSv2
CVE-2020-29011
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 up to and including 3.2.2, and 3.1.0 up to and including 3.1.4 may allow an authenticated malicious user to execute unauthorized code on the underlying SQL interpret...
Fortinet Fortisandbox
6.5
CVSSv2
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 up to and including 3.2.2, 3.1.0 up to and including 3.1.4, and 3.0.0 up to and including 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unaut...
Fortinet Fortisandbox
6.3
CVSSv2
CVE-2020-29014
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox prior to 3.2.2 may allow an authenticated malicious user to bring the system into an unresponsive state via specifically orchestrated seque...
Fortinet Fortisandbox
5.8
CVSSv2
CVE-2016-8495
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 up to and including 5.2.7 and 5.4.0 up to and including 5.4.1 allows remote malicious user to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing fea...
Fortinet Fortimanager Firmware 5.2.7
Fortinet Fortimanager Firmware 5.0.11
Fortinet Fortimanager Firmware 5.0.3
Fortinet Fortimanager Firmware 5.0.10
Fortinet Fortimanager Firmware 5.2.2
Fortinet Fortimanager Firmware 5.2.3
Fortinet Fortimanager Firmware 5.0.4
Fortinet Fortimanager Firmware 5.0.5
Fortinet Fortimanager Firmware 5.2.1
Fortinet Fortimanager Firmware 5.2.0
Fortinet Fortimanager Firmware 5.0.8
Fortinet Fortimanager Firmware 5.0.9
Fortinet Fortimanager Firmware 5.2.4
Fortinet Fortimanager Firmware 5.2.6
Fortinet Fortimanager Firmware 5.0.6
Fortinet Fortimanager Firmware 5.0.7
Fortinet Fortimanager Firmware 5.4.1
Fortinet Fortimanager Firmware 5.4.0
5.5
CVSSv2
CVE-2020-29013
An improper input validation vulnerability in the sniffer interface of FortiSandbox prior to 3.2.2 may allow an authenticated malicious user to silently halt the sniffer via specifically crafted requests.
Fortinet Fortisandbox
Fortinet Fortisandbox 3.2.0
Fortinet Fortisandbox 3.2.1
5
CVSSv2
CVE-2020-29012
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an malicious user to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session I...
Fortinet Fortisandbox
5
CVSSv2
CVE-2021-26098
An instance of small space of random values in the RPC API of FortiSandbox prior to 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
Fortinet Fortisandbox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »