CVE-2021-26098 is a vulnerability in Fortinet Fortisandbox
Published on August 4, 2021
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
Vulnerability Analysis
CVE-2021-26098 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Products Associated with CVE-2021-26098
Want to know whenever a new CVE is published for Fortinet Fortisandbox? stack.watch will email you.
Affected Versions
Fortinet FortiSandbox Version FortiSandbox before 4.0.0 is affected by CVE-2021-26098Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.