Fortinet

FortiSandbox

44 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.1%
  • Published 18.07.2025 07:58:23
  • Last modified 22.07.2025 17:07:27

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, ...

  • EPSS 0.1%
  • Published 24.03.2025 15:27:56
  • Last modified 24.07.2025 19:18:02

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically cra...

  • EPSS 0.02%
  • Published 17.03.2025 13:05:31
  • Last modified 24.07.2025 20:17:55

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged a...

  • EPSS 0.02%
  • Published 11.03.2025 14:54:38
  • Last modified 24.07.2025 18:46:17

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and...

  • EPSS 0.11%
  • Published 11.03.2025 14:54:37
  • Last modified 23.07.2025 15:37:06

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allow a privileged attacker to execute unauthorized commands via crafted requests.

  • EPSS 0.08%
  • Published 11.03.2025 14:54:35
  • Last modified 24.07.2025 18:39:01

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized command...

  • EPSS 0.11%
  • Published 11.03.2025 14:54:30
  • Last modified 23.07.2025 15:07:53

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only per...

  • EPSS 0.02%
  • Published 11.03.2025 14:54:28
  • Last modified 24.07.2025 16:35:03

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low-privileged administrator to execute elevated CLI commands via the GUI console menu.

  • EPSS 0.12%
  • Published 11.02.2025 17:15:21
  • Last modified 22.07.2025 21:37:00

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and...

  • EPSS 0.22%
  • Published 14.01.2025 14:15:29
  • Last modified 31.01.2025 17:35:05

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission ...