FortiSandbox - Multiple heap corruption vulnerabilities in command shell

Summary

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

Affected Products

FortiSandbox 3.2.2 and below.
FortiSandbox 3.1.4 and below.

Solutions

Upgrade to FortiSandbox 4.0.0.

Upgrade to FortiSandbox 3.2.3.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet PSIRT.