FG-IR-20-185: Race condition vulnerability in FSA's command shell
First published: Wed Jul 07 2021(Updated: )
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSandbox Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of FG-IR-20-185?
The severity of FG-IR-20-185 is classified as high due to the potential for an authenticated attacker to cause a denial of service.
How do I fix FG-IR-20-185?
To fix FG-IR-20-185, apply the latest firmware updates from Fortinet for FortiSandbox.
What systems are affected by FG-IR-20-185?
FG-IR-20-185 affects Fortinet FortiSandbox systems that are running vulnerable firmware.
What kind of attack does FG-IR-20-185 describe?
FG-IR-20-185 describes a race condition attack that can render the FortiSandbox system unresponsive.
Who can exploit FG-IR-20-185?
FG-IR-20-185 can be exploited by authenticated attackers who can execute orchestrated command sequences.
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2020-29014
- agent/last-modified-date
- agent/type
- collector/fortiguard-psirt
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortisandbox firmware