CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-31487
https://notcve.org/view.php?id=CVE-2024-31487
09 Apr 2024 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests. Una limitación inadecuada de un nombre de ruta a un directorio restringido ("path traversal") en Fortinet FortiSandbox versión 4.4.0 a 4.... • https://fortiguard.com/psirt/FG-IR-24-060 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-47541
https://notcve.org/view.php?id=CVE-2023-47541
09 Apr 2024 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI. Una limitación inadecuada de un nombre de ruta ... • https://fortiguard.com/psirt/FG-IR-23-416 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-41843
https://notcve.org/view.php?id=CVE-2023-41843
13 Oct 2023 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiSandbox versión 4.4.1 y 4.4.0 y 4.2.0 a 4.2.5 y 4.0.0 a 4.0.3 permite al atacante ejecutar código no autorizado o coman... • https://fortiguard.com/psirt/FG-IR-23-273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-41680
https://notcve.org/view.php?id=CVE-2023-41680
13 Oct 2023 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiSandbox versi... • https://fortiguard.com/psirt/FG-IR-23-311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-41681
https://notcve.org/view.php?id=CVE-2023-41681
13 Oct 2023 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiSandbox versi... • https://fortiguard.com/psirt/FG-IR-23-311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-41682
https://notcve.org/view.php?id=CVE-2023-41682
13 Oct 2023 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. Una limitación inadecuada de un nombre de ruta a un directorio restringido ("path traversal") en Fortinet FortiSandbox versión 4.4.0 y 4.2.0 a 4.2.5 y 4.0.0 a 4.0.3 y 3.2.0 a 3.2.4 y 2.5. 0 a 2.5.2 y 2.4.1 y 2.4.... • https://fortiguard.com/psirt/FG-IR-23-280 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27487
https://notcve.org/view.php?id=CVE-2022-27487
11 Apr 2023 — A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. • https://fortiguard.com/psirt/FG-IR-22-056 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29013
https://notcve.org/view.php?id=CVE-2020-29013
06 Apr 2022 — An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. Una vulnerabilidad de comprobación de entrada inapropiada en la interfaz del sniffer de FortiSandbox versiones anteriores a 3.2.2, puede permitir a un atacante autenticado detener silenciosamente el sniffer por medio de peticiones específicamente diseñadas • https://fortiguard.com/advisory/FG-IR-20-178 • CWE-20: Improper Input Validation •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29012
https://notcve.org/view.php?id=CVE-2020-29012
08 Sep 2021 — An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) Una vulnerabilidad de expiración de sesión insuficiente en FortiSandbox versiones 3.2.1 y posteriores, puede permitir a un atacante reusar los ID de sesión del usuario administrador no caducados para ob... • https://fortiguard.com/advisory/FG-IR-20-070 • CWE-613: Insufficient Session Expiration •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15939
https://notcve.org/view.php?id=CVE-2020-15939
06 Sep 2021 — An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. Una vulnerabilidad de control de acceso inapropiado (CWE-284) en FortiSandbox versiones 3.2.1 y por debajo y 3.1.4 y por debajo, puede permitir a un atacante autenticado y sin privilegios descargar el archivo de configuración del dispositivo por medio de la URL de recuperación. • https://fortiguard.com/advisory/FG-IR-20-071 •