8.8
CVE-2024-31491
- EPSS 1.13%
- Veröffentlicht 14.05.2024 17:17:24
- Zuletzt bearbeitet 14.01.2026 15:15:54
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
LoginA client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortisandbox Version >= 4.2.0 < 4.2.7
Fortinet ≫ Fortisandbox Version >= 4.4.0 < 4.4.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.78 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-602 Client-Side Enforcement of Server-Side Security
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.