PSIRT Advisories

FortiSandbox - Command Injection in sniffer module

Summary

An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated administrator to execute commands on the underlying system's shell by altering the content of its configuration file.

Affected Products

FortiSandbox 3.2.1 and below.
FortiSandbox 3.1.4 and below.

Solutions

Upgrade to version 4.0.0 or above.
Upgrade to version 3.2.2 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team.