CVE-2020-29014 — Race Condition in Fortinet Fortisandbox

CWE-362 — Race Condition4 documents4 sources

Severity

5.3MEDIUMNVD

CNA6.3

EPSS

0.5%

top 34.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisandbox Fortinet Fortisandbox

Timeline

PublishedJul 9

Latest updateMay 24

Description

A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortisandbox< 3.2.2

▶CVEListV5fortinet/fortinet_fortisandboxFortiSandbox before 3.2.2

🔴Vulnerability Details

GHSA

GHSA-vwxj-9wvq-7xh6: A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3↗2022-05-24

▶

CVEList

CVE-2020-29014: A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3↗2021-07-09

▶

📋Vendor Advisories

Fortinet

A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of Fo...↗2021-07-09

▶