CVE-2021-26105

Summary

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox3.2.2affected
FortinetFortiSandbox3.1.4affected

Weaknesses

  • CWE-358: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References