Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
N/A
Vulnerability Title
Fortinet FortiSandbox 操作系统命令注入漏洞
Vulnerability Description
Fortinet FortiSandbox是美国飞塔(Fortinet)公司的一款APT(高级持续性威胁)防护设备。该设备提供双重沙盒技术、动态威胁智能系统、实时控制面板和报告等功能。 FortiSandbox 存在操作系统命令注入漏洞,该漏洞源于FortiSandbox嗅探模块输入验证不当。攻击者可利用该漏洞修改模块配置文件的内容并执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A