FortiSandbox - Race condition vulnerability in command shell

Summary

A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.

Affected Products

FortiSandbox 3.2.1 and below. FortiSandbox 3.1.4 and below.

Solutions

Upgrade to version 4.0.0 or above. Upgrade to version 3.2.2 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team.