FG-IR-20-198: [FortiSandbox] - Command injection in FSA's web interface
First published: Tue Aug 03 2021(Updated: )
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSandbox Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of FG-IR-20-198?
FG-IR-20-198 is classified as a high severity vulnerability due to its potential to allow unauthorized code execution.
How do I fix FG-IR-20-198?
To remediate FG-IR-20-198, ensure that you update FortiSandbox to the latest firmware version provided by Fortinet.
Who is affected by FG-IR-20-198?
Any authenticated user with access to the web GUI of FortiSandbox is potentially affected by FG-IR-20-198.
What type of attack is related to FG-IR-20-198?
FG-IR-20-198 relates to an OS command injection attack that can be exploited via crafted HTTP requests.
Can FG-IR-20-198 be exploited remotely?
FG-IR-20-198 requires authenticated access to the web GUI, thus it cannot be exploited remotely by unauthenticated users.
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2021-26097
- agent/last-modified-date
- agent/type
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- collector/fortiguard-psirt
- agent/title
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortisandbox firmware