Multiple heap corruption vulnerabilities in FSA's command shell
Summary
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.
Affected Products
FortiSandbox 3.2.2 and below.
FortiSandbox 3.1.4 and below.
Solutions
Upgrade to FortiSandbox 4.0.0.
Upgrade to FortiSandbox 3.2.3.
Acknowledgement
Internally discovered and reported by Giuseppe Cocomazzi of Fortinet PSIRT.Timeline
2021-08-03: Initial publication