Fortinet

Fortisandbox

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-52961

  • EPSS 0.13%
  • Veröffentlicht 11.03.2025 14:54:30
  • Zuletzt bearbeitet 23.07.2025 15:07:53

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only per...

7.8

CVE-2024-45328

  • EPSS 0.03%
  • Veröffentlicht 11.03.2025 14:54:28
  • Zuletzt bearbeitet 24.07.2025 16:35:03

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.

9

CVE-2024-27781

  • EPSS 0.27%
  • Veröffentlicht 11.02.2025 17:15:21
  • Zuletzt bearbeitet 22.07.2025 21:37:00

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and...

8.8

CVE-2024-27778

  • EPSS 0.32%
  • Veröffentlicht 14.01.2025 14:15:29
  • Zuletzt bearbeitet 31.01.2025 17:35:05

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission ...

6.5

CVE-2024-31490

  • EPSS 0.38%
  • Veröffentlicht 10.09.2024 15:15:15
  • Zuletzt bearbeitet 20.09.2024 19:48:42

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP ge...

8.8

CVE-2024-31491

  • EPSS 1.13%
  • Veröffentlicht 14.05.2024 17:17:24
  • Zuletzt bearbeitet 02.01.2025 18:35:20

A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.

6.5

CVE-2024-31487

  • EPSS 0.53%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 23.12.2024 15:05:45

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3....

8.1

CVE-2024-23671

  • EPSS 0.83%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 23.12.2024 15:04:06

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted...

8.8

CVE-2024-21756

  • EPSS 1.05%
  • Veröffentlicht 09.04.2024 15:15:31
  • Zuletzt bearbeitet 23.12.2024 15:02:00

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands...

8.8

CVE-2024-21755

  • EPSS 1.05%
  • Veröffentlicht 09.04.2024 15:15:30
  • Zuletzt bearbeitet 23.12.2024 14:58:10

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands...