CVE-2021-26098

Summary

An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiSandboxFortiSandbox before 4.0.0affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References