Fortinet

Fortisandbox

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-52960

  • EPSS 0.13%
  • Veröffentlicht 11.03.2025 14:54:35
  • Zuletzt bearbeitet 24.07.2025 18:39:01

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized command...

8.8

CVE-2024-52961

  • EPSS 0.16%
  • Veröffentlicht 11.03.2025 14:54:30
  • Zuletzt bearbeitet 14.01.2026 15:15:55

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandb...

7.8

CVE-2024-45328

  • EPSS 0.03%
  • Veröffentlicht 11.03.2025 14:54:28
  • Zuletzt bearbeitet 24.07.2025 16:35:03

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.

9

CVE-2024-27781

  • EPSS 0.27%
  • Veröffentlicht 11.02.2025 17:15:21
  • Zuletzt bearbeitet 14.01.2026 14:16:10

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, For...

8.8

CVE-2024-27778

  • EPSS 0.32%
  • Veröffentlicht 14.01.2025 14:15:29
  • Zuletzt bearbeitet 14.01.2026 15:15:54

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions,...

6.5

CVE-2024-31490

  • EPSS 0.52%
  • Veröffentlicht 10.09.2024 15:15:15
  • Zuletzt bearbeitet 14.01.2026 14:16:10

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2.2 through 3.2.4, FortiSandbox 3.1.5 allows att...

8.8

CVE-2024-31491

  • EPSS 1.13%
  • Veröffentlicht 14.05.2024 17:17:24
  • Zuletzt bearbeitet 14.01.2026 15:15:54

A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.

6.5

CVE-2024-31487

  • EPSS 0.39%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 14.01.2026 14:16:10

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox ...

8.1

CVE-2024-23671

  • EPSS 0.83%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 14.01.2026 14:16:10

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized co...

8.8

CVE-2024-21756

  • EPSS 1.05%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 14.01.2026 14:16:09

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute una...