CVE-2021-22125: Command Injection in FSA sniffer module
First published: Wed Jul 07 2021(Updated: )
An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSandbox | <3.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this FortiSandbox vulnerability?
The vulnerability ID is CVE-2021-22125.
What is the title of this FortiSandbox vulnerability?
The title of this vulnerability is 'An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.'
What is the severity of CVE-2021-22125?
The severity of CVE-2021-22125 is critical with a CVSS score of 7.2.
Which software versions are affected by CVE-2021-22125?
FortiSandbox versions up to and excluding 3.2.2 are affected by this vulnerability.
How can an authenticated administrator exploit this vulnerability?
By altering the content of the configuration file in the sniffer module of FortiSandbox, an authenticated administrator can execute commands on the underlying system's shell.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2021-22125
- collector/fortiguard-psirt
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortisandbox