CVE-2021-26098
published 2021-08-04CVE-2021-26098: An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet_fortisandbox | — | — |
| fortinet | fortisandbox | <= 3.1.4 | — |
| fortinet | fortisandbox | — | — |
| fortinet | fortisandbox | >= 3.2.0 < 3.2.3 | 3.2.3 |