Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2385 FortiSandbox Multiple Vulnerabilities 14 July 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: FortiSandbox Publisher: Fortinet Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-22125 CVE-2021-29014 Original Bulletin: https://fortiguard.com/psirt/FG-IR-21-005 https://fortiguard.com/psirt/FG-IR-20-185 Comment: This bulletin contains two (2) Fortinet security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- FortiSandbox - Command Injection in sniffer module IR Number : FG-IR-21-005 Date : Jun 02, 2021 Risk : 3/5 CVSSv3 Score : 6.2 Impact : Execute unauthorized code or commands CVE ID : CVE-2021-22125 Affected Products: FortiSandbox: 3.2.2, 3.2.1, 3.2.0 Summary An instance of improper neutralization of special elements in FortiSandbox's sniffer module may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. Impact Execute unauthorized code or commands Affected Products FortiSandbox 3.2.1 and below. FortiSandbox 3.1.4 and below. Solutions Upgrade to version 4.0.0 or above. Upgrade to version 3.2.2 or above. Acknowledgement Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team. - -------------------------------------------------------------------------------- FortiSandbox - Race condition vulnerability in command shell IR Number : FG-IR-20-185 Date : Jun 02, 2021 Risk : 3/5 CVSSv3 Score : 6.3 Impact : Memory corruption CVE ID : CVE-2020-29014 Affected Products: FortiSandbox: 3.2.1, 3.2.0 Summary A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. Impact Memory corruption Affected Products FortiSandbox 3.2.1 and below. FortiSandbox 3.1.4 and below. Solutions Upgrade to version 4.0.0. or above. Upgrade to version 3.2.2 or above. Acknowledgement Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYO5wQONLKJtyKPYoAQg0NA//dEr/rEUhyTJ838SI8il/vJDsMoYiVkeW CxYmw9FVwgFyh/hmrmP+wRHQach+usJxPgY2mlK1nxbyNFX6j9629zPQd/MuBdZF 9542AcG/87Nk6ElX2VjMqr4Vx/XKoAFUZTpoUFvRM4zCLy6mAqTNtwOOpwRl/nno 2ECkhyCu6MuMTWLwyPNx8yM+jcIlHnz23tsWM+iaqqPgjYcshk873aq/tnUrqDBr B0/O6L4aJxuPIm5jDxDOEXoL6ykT65/aVsjf0vTyqyRL90tYrkJqBaMEof8FbqsF B16T+sEyuj2+mx8ZlOh+9y5cyQxrFVEXf/CVPRVKKAw/lgZwcZpl4kdZxVBsoclp jpWthUoeOuj2ywrENR+SqvrmL82mY+EB/AiDzsHM+Dsp1P33csJiJiqkV9xno2oo DUtcv0NmT494EDvo0336rXcFpPqBZu/f1taB++woD7uDqWQ1dM+2Hh2bjkqG7JF8 o10QlixoEAOk4Pj6WhRyHqXWZr71X4+9Xx9YYl7NnpQJ295rfsGhQguYjsDL4CdO 2E/+YU/tZ9tw3W3MstUNosNg9EtNxqWh9ZjlsFRYyhr34MhiLuaM+yUd3JGRNq9j 5b7vcReABvIFB9VIQm9Jxla0Vu0SZbFjfdpfcMYoqxJbsMKT/hvgzf520mZhbyTq zqq2722U6IQ= =ygkL -----END PGP SIGNATURE-----