Fortinet

Fortisandbox

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.7

CVE-2024-27779

  • EPSS 0.1%
  • Veröffentlicht 18.07.2025 07:58:23
  • Zuletzt bearbeitet 22.07.2025 17:07:27

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, ...

8.8

CVE-2021-26105

  • EPSS 0.1%
  • Veröffentlicht 24.03.2025 15:27:56
  • Zuletzt bearbeitet 24.07.2025 19:18:02

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically cra...

4.4

CVE-2024-54027

  • EPSS 0.02%
  • Veröffentlicht 17.03.2025 13:05:31
  • Zuletzt bearbeitet 24.07.2025 20:17:55

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged a...

8.8

CVE-2024-54026

  • EPSS 0.02%
  • Veröffentlicht 11.03.2025 14:54:38
  • Zuletzt bearbeitet 24.07.2025 18:46:17

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and...

7.2

CVE-2024-54018

  • EPSS 0.11%
  • Veröffentlicht 11.03.2025 14:54:37
  • Zuletzt bearbeitet 23.07.2025 15:37:06

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.

8.8

CVE-2024-52960

  • EPSS 0.08%
  • Veröffentlicht 11.03.2025 14:54:35
  • Zuletzt bearbeitet 24.07.2025 18:39:01

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized command...

8.8

CVE-2024-52961

  • EPSS 0.11%
  • Veröffentlicht 11.03.2025 14:54:30
  • Zuletzt bearbeitet 23.07.2025 15:07:53

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only per...

7.8

CVE-2024-45328

  • EPSS 0.02%
  • Veröffentlicht 11.03.2025 14:54:28
  • Zuletzt bearbeitet 24.07.2025 16:35:03

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.

9

CVE-2024-27781

  • EPSS 0.12%
  • Veröffentlicht 11.02.2025 17:15:21
  • Zuletzt bearbeitet 22.07.2025 21:37:00

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and...

8.8

CVE-2024-27778

  • EPSS 0.22%
  • Veröffentlicht 14.01.2025 14:15:29
  • Zuletzt bearbeitet 31.01.2025 17:35:05

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission ...