CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54027
https://notcve.org/view.php?id=CVE-2024-54027
17 Mar 2025 — A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI. • https://fortiguard.fortinet.com/psirt/FG-IR-24-327 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54026
https://notcve.org/view.php?id=CVE-2024-54026
11 Mar 2025 — An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-353 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-52960
https://notcve.org/view.php?id=CVE-2024-52960
11 Mar 2025 — A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthor... • https://fortiguard.fortinet.com/psirt/FG-IR-24-305 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-52961
https://notcve.org/view.php?id=CVE-2024-52961
11 Mar 2025 — An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-306 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27781
https://notcve.org/view.php?id=CVE-2024-27781
11 Feb 2025 — An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27778
https://notcve.org/view.php?id=CVE-2024-27778
14 Jan 2025 — An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47540
https://notcve.org/view.php?id=CVE-2023-47540
09 Apr 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSandbox versión 4.4.0 a 4.4.2 y 4.... • https://fortiguard.com/psirt/FG-IR-23-411 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-31487
https://notcve.org/view.php?id=CVE-2024-31487
09 Apr 2024 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests. Una limitación inadecuada de un nombre de ruta a un directorio restringido ("path traversal") en Fortinet FortiSandbox versión 4.4.0 a 4.... • https://fortiguard.com/psirt/FG-IR-24-060 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-47541
https://notcve.org/view.php?id=CVE-2023-47541
09 Apr 2024 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI. Una limitación inadecuada de un nombre de ruta ... • https://fortiguard.com/psirt/FG-IR-23-416 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-41844
https://notcve.org/view.php?id=CVE-2023-41844
13 Dec 2023 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint. Una neutralización inadecuada de la entrada durante la generación de la página web ("cross-site scripting") en Fortinet FortiSandbox versión 4.4... • https://fortiguard.com/psirt/FG-IR-23-214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •