cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-29013,https://securityvulnerability.io/vulnerability/CVE-2020-29013,Improper Input Validation in FortiSandbox Sniffer Interface,"FortiSandbox, a product by Fortinet, has a vulnerability within its sniffer interface that arises from improper input validation. This flaw allows an authenticated attacker to exploit the system by sending specifically crafted requests, which can lead to the silent halting of the sniffer functionality. This vulnerability stresses the importance of robust input validation in order to safeguard against unauthorized disruptions and potential abuse of the system.",Fortinet,Fortinet Fortisandbox,5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2022-04-06T09:05:11.000Z,0
CVE-2021-32591,https://securityvulnerability.io/vulnerability/CVE-2021-32591,Cryptographic Vulnerability in Fortinet Products Impacting User Credential Security,"A vulnerability exists in Fortinet products due to missing cryptographic steps in the function that encrypts user credentials for LDAP and RADIUS services. This oversight may enable attackers with access to the password store to compromise the confidentiality of sensitive information, thereby potentially exposing user data to unauthorized access. The affected versions include FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, and FortiMail 7.0.1 and earlier.",Fortinet,Fortinet Fortisandbox,5.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-12-08T11:56:06.000Z,0
CVE-2020-29012,https://securityvulnerability.io/vulnerability/CVE-2020-29012,Insufficient Session Expiration in FortiSandbox by Fortinet,"FortiSandbox versions 3.2.1 and earlier have an insufficient session expiration vulnerability. This flaw enables attackers to exploit unexpired administrative user session IDs, potentially allowing unauthorized access to information about other users configured on the device. If attackers can obtain a valid session ID through hypothetical methods, they may compromise other user sessions, posing a significant security risk.",Fortinet,Fortinet Fortisandbox,5.6,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-09-08T10:26:31.000Z,0
CVE-2020-15939,https://securityvulnerability.io/vulnerability/CVE-2020-15939,Improper Access Control in FortiSandbox by Fortinet,"An improper access control vulnerability in FortiSandbox versions 3.2.1 and earlier, as well as 3.1.4 and earlier, could potentially enable an authenticated, but unprivileged, attacker to exploit the system. By accessing a recovery URL, the attacker may be able to download sensitive device configuration files, which could lead to further security risks and unauthorized access.",Fortinet,Fortinet Fortisandbox,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-06T15:19:38.000Z,0
CVE-2021-22124,https://securityvulnerability.io/vulnerability/CVE-2021-22124,Denial of Service Vulnerability in FortiSandbox and FortiAuthenticator,"An uncontrolled resource consumption vulnerability exists in the login modules of FortiSandbox and FortiAuthenticator. This vulnerability allows an unauthenticated attacker to exploit the system by sending specifically crafted long request parameters, potentially leading to a denial of service condition and causing the device to become unresponsive.",Fortinet,"Fortinet Fortisandbox, Fortiauthenticator",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2021-08-04T18:18:25.000Z,0
CVE-2021-24014,https://securityvulnerability.io/vulnerability/CVE-2021-24014,XSS Vulnerability in FortiSandbox by Fortinet,"An XSS vulnerability exists in FortiSandbox versions before 4.0.0, where improper neutralization of input during web page generation can permit unauthenticated attackers to craft and send malicious requests. This exploitation can lead to the execution of harmful scripts in the context of the web application, potentially compromising the security of users and their sessions.",Fortinet,Fortinet Fortisandbox,5.4,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2021-08-04T18:11:11.000Z,0
CVE-2021-26096,https://securityvulnerability.io/vulnerability/CVE-2021-26096,Heap-Based Buffer Overflow in FortiSandbox Command Shell,"The vulnerability involves multiple instances of heap-based buffer overflow found in the command shell of FortiSandbox prior to version 4.0.0. An authenticated attacker could exploit this weakness by using specially crafted command line arguments, which may lead to memory manipulation and undesired alterations of its content. As a result, the integrity of the system could be compromised, emphasizing the importance of timely updates and security measures.",Fortinet,Fortinet Fortisandbox,6.4,MEDIUM,0.0009599999757483602,false,,false,false,false,,,false,false,,2021-08-04T17:57:07.000Z,0
CVE-2021-26097,https://securityvulnerability.io/vulnerability/CVE-2021-26097,OS Command Injection Vulnerability in FortiSandbox by Fortinet,"An improper neutralization of special elements in FortiSandbox allows authenticated attackers to exploit the web GUI, facilitating unauthorized command execution through specially crafted HTTP requests. This vulnerability affects multiple versions across FortiSandbox, underscoring the importance of promptly addressing security measures to mitigate potential exploitation risks.",Fortinet,Fortinet Fortisandbox,8.8,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-08-04T15:54:53.000Z,0
CVE-2020-29011,https://securityvulnerability.io/vulnerability/CVE-2020-29011,SQL Injection Vulnerabilities in FortiSandbox by Fortinet,"FortiSandbox versions 3.2.0 to 3.2.2 and 3.1.0 to 3.1.4 exhibit SQL Injection vulnerabilities in their checksum search and MTA-quarantine modules. These weaknesses enable authenticated attackers to craft malicious HTTP requests that exploit the underlying SQL interpreter, potentially leading to unauthorized code execution. Implementing recommended security measures is crucial for safeguarding systems against these attacks.",Fortinet,Fortinet Fortisandbox,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2021-08-04T15:26:11.000Z,0
CVE-2021-24010,https://securityvulnerability.io/vulnerability/CVE-2021-24010,Improper Limitation of Pathname Vulnerability in FortiSandbox by Fortinet,"An improper limitation of a pathname to a restricted directory vulnerability exists in FortiSandbox versions 3.1.0 through 3.2.2. This flaw allows an authenticated user to leverage specifically crafted web requests to gain unauthorized access to sensitive files and data, potentially compromising the integrity and confidentiality of the affected systems. Prompt action is required to mitigate the risks associated with these affected versions.",Fortinet,Fortinet Fortisandbox,8.1,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2021-08-04T14:57:06.000Z,0
CVE-2021-26098,https://securityvulnerability.io/vulnerability/CVE-2021-26098,Random Value Predictability in FortiSandbox RPC API by Fortinet,"The RPC API of FortiSandbox versions prior to 4.0.0 contains a vulnerability that allows an attacker with limited knowledge about the device to potentially predict valid session IDs. This security issue stems from a small space of random values that can be exploited, enabling unauthorized access to sessions. It is crucial for users to implement security measures to mitigate the risks associated with this vulnerability.",Fortinet,Fortinet Fortisandbox,5.3,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-08-04T13:20:48.000Z,0
CVE-2021-22125,https://securityvulnerability.io/vulnerability/CVE-2021-22125,Improper Neutralization Vulnerability in FortiSandbox by Fortinet,"An improper neutralization vulnerability exists in the sniffer module of FortiSandbox that could allow an authenticated administrator to manipulate the configuration file. This manipulation can lead to unauthorized command execution on the system's underlying shell, posing a significant security risk. Organizations using vulnerable versions of FortiSandbox should apply the necessary updates to mitigate potential exploits.",Fortinet,Fortinet Fortisandbox,6.3,MEDIUM,0.002199999988079071,false,,false,false,false,,,false,false,,2021-07-20T10:28:15.000Z,0
CVE-2020-29014,https://securityvulnerability.io/vulnerability/CVE-2020-29014,Race Condition Vulnerability in FortiSandbox Command Shell,"A race condition vulnerability in the command shell of FortiSandbox prior to version 3.2.2 can be exploited by authenticated users. By executing a sequence of carefully crafted commands, an attacker may manipulate the execution flow, leading to a state where the system becomes unresponsive. This flaw underscores the importance of proper synchronization when handling concurrent executions.",Fortinet,Fortinet Fortisandbox,6.3,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2021-07-09T18:26:29.000Z,0