Vulnerabilities > Fortinet > Fortisandbox > 3.1.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-08 | CVE-2020-29012 | Insufficient Session Expiration vulnerability in Fortinet Fortisandbox An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | 5.0 |
2021-07-20 | CVE-2021-22125 | OS Command Injection vulnerability in Fortinet Fortisandbox An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. | 9.0 |