FortiSandbox - Predictable session IDs of JSON API
Summary
An instance of small space of random values in FortiSandbox RPC API may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
Affected Products
FortiSandbox version 3.2.2 and below.
FortiSandbox version 3.1.4 and below.
Solutions
Upgrade to FortiSandbox version 4.0.0.
Upgrade to FortiSandbox version 3.2.3.