CVE-2021-22125

Name of the Vulnerable Software and Affected Versions FortiSandbox versions prior to 3.2.2

Description The issue exists due to improper neutralization of special elements used in operating system commands. This could allow a remote attacker to execute arbitrary code or commands. An authenticated administrator may also be able to execute commands on the underlying system's shell by altering the content of its configuration file.

Recommendations For FortiSandbox versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file to prevent alteration by unauthorized users. Additionally, limit the privileges of authenticated administrators to minimize the risk of exploitation.