CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-41843
https://notcve.org/view.php?id=CVE-2023-41843
13 Oct 2023 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiSandbox versión 4.4.1 y 4.4.0 y 4.2.0 a 4.2.5 y 4.0.0 a 4.0.3 permite al atacante ejecutar código no autorizado o coman... • https://fortiguard.com/psirt/FG-IR-23-273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-41680
https://notcve.org/view.php?id=CVE-2023-41680
13 Oct 2023 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiSandbox versi... • https://fortiguard.com/psirt/FG-IR-23-311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-41681
https://notcve.org/view.php?id=CVE-2023-41681
13 Oct 2023 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiSandbox versi... • https://fortiguard.com/psirt/FG-IR-23-311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-41682
https://notcve.org/view.php?id=CVE-2023-41682
13 Oct 2023 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. Una limitación inadecuada de un nombre de ruta a un directorio restringido ("path traversal") en Fortinet FortiSandbox versión 4.4.0 y 4.2.0 a 4.2.5 y 4.0.0 a 4.0.3 y 3.2.0 a 3.2.4 y 2.5. 0 a 2.5.2 y 2.4.1 y 2.4.... • https://fortiguard.com/psirt/FG-IR-23-280 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2022-22305
https://notcve.org/view.php?id=CVE-2022-22305
01 Sep 2023 — An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiManager v7.0.1 y versiones inferiores, v6.4.6 y versiones inferiore... • https://fortiguard.com/psirt/FG-IR-18-292 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27485
https://notcve.org/view.php?id=CVE-2022-27485
11 Apr 2023 — A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4... • https://fortiguard.com/psirt/FG-IR-22-060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27487
https://notcve.org/view.php?id=CVE-2022-27487
11 Apr 2023 — A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. • https://fortiguard.com/psirt/FG-IR-22-056 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-26115
https://notcve.org/view.php?id=CVE-2022-26115
16 Feb 2023 — A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. • https://fortiguard.com/psirt/FG-IR-20-220 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-30305
https://notcve.org/view.php?id=CVE-2022-30305
06 Dec 2022 — An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. Una vulnerabilidad de registro insuficiente [CWE-778] en las v... • https://fortiguard.com/psirt/FG-IR-21-170 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-778: Insufficient Logging •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29013
https://notcve.org/view.php?id=CVE-2020-29013
06 Apr 2022 — An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. Una vulnerabilidad de comprobación de entrada inapropiada en la interfaz del sniffer de FortiSandbox versiones anteriores a 3.2.2, puede permitir a un atacante autenticado detener silenciosamente el sniffer por medio de peticiones específicamente diseñadas • https://fortiguard.com/advisory/FG-IR-20-178 • CWE-20: Improper Input Validation •