CVE-2021-26096 MEDIUM

CVE-2021-26096

Vendor Fortinet
Product Fortinet FortiSandbox
Published August 4, 2021
Last update October 25, 2024

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L/E:X/RL:X/RC:X

What the vulnerability does

01Description

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

Key dates

02Disclosure timeline

August 4, 2021 CVE published
October 25, 2024 Record updated