Race condition vulnerability in FSA's command shell Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-185 Final 1 1 2021-07-07T00:00:00 Current version 2021-07-07T00:00:00 2021-07-07T00:00:00 A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. Escalation of privilege FortiSandbox 3.2.1 and below.FortiSandbox 3.1.4 and below. Upgrade to version 4.0.0. or above. Upgrade to version 3.2.2 or above. Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team. CVE-2020-29014 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-185 Race condition vulnerability in FSA's command shell Reference>