CVE-2021-26096

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGH
EPSS
0.5%
top 33.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortisandboxFortinet Fortinet Fortisandbox
Timeline
PublishedAug 4
Latest updateMay 24

Description

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:LExploitability: 1.6 | Impact: 4.7

Affected Packages2 packages

NVDfortinet/fortisandbox3.2.03.2.3+1
CVEListV5fortinet/fortinet_fortisandboxFortiSandbox before 4.0.0

🔴Vulnerability Details

2
GHSA
GHSA-w667-46wg-c64r: Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 42022-05-24
CVEList
CVE-2021-26096: Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 42021-08-04

📋Vendor Advisories

1
Fortinet
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenti...2021-08-04
CVE-2021-26096 (HIGH CVSS 8.8) | Multiple instances of heap-based bu | cvebase.io