cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-27781,https://securityvulnerability.io/vulnerability/CVE-2024-27781,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox,"An input validation flaw in Fortinet FortiSandbox versions ranging from 3.0.0 to 4.4.4 enables authenticated attackers to execute unauthorized commands through specially crafted HTTP requests. The vulnerability occurs due to improper handling of input during web page generation, allowing the execution of malicious scripts that can compromise the security of the affected system.",Fortinet,Fortisandbox,6.9,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T16:09:12.324Z,0
CVE-2024-31490,https://securityvulnerability.io/vulnerability/CVE-2024-31490,FortiSandbox vulnerability exposes sensitive information to unauthorized actors via HTTP get requests,An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows an attacker to cause information disclosure via HTTP GET requests.,Fortinet,Fortisandbox,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-09-10T14:37:45.103Z,0
CVE-2024-31491,https://securityvulnerability.io/vulnerability/CVE-2024-31491,Client-Side Security Vulnerability in Fortinet FortiSandbox Products,"A security vulnerability exists in Fortinet FortiSandbox versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6, whereby client-side enforcement mechanisms fail to adequately control server-side security protocols. This allows attackers to exploit the weak enforcement, enabling them to execute unauthorized code or commands through specially crafted HTTP requests.
This flaw potentially exposes Fortinet users to significant security risks, necessitating swift patching and mitigation measures. For further details, visit Fortinet's official advisory at [FortiGuard PSIRT](https://fortiguard.com/psirt/FG-IR-24-054).",Fortinet,Fortisandbox,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-14T16:19:02.974Z,0
CVE-2024-21755,https://securityvulnerability.io/vulnerability/CVE-2024-21755,FortiSandbox Command Injection Vulnerability,"An improper neutralization of special elements in OS commands, known as OS command injection, has been identified in Fortinet FortiSandbox versions ranging from 4.0.0 to 4.4.3. This vulnerability allows attackers to execute unauthorized commands or code by sending specially crafted requests to the affected system. Successful exploitation of this flaw can compromise the integrity of the system and potentially lead to further unauthorized access to sensitive data. Users of the affected versions are advised to apply the necessary updates to mitigate this security risk.",Fortinet,Fortisandbox,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-04-09T14:24:25.073Z,0
CVE-2024-21756,https://securityvulnerability.io/vulnerability/CVE-2024-21756,FortiSandbox Command Injection Vulnerability,"An improper neutralization of special elements used in operating system commands, known as OS command injection, affects multiple versions of Fortinet's FortiSandbox product. This vulnerability allows an attacker to execute unauthorized code or commands by sending specially crafted requests. Affected versions include FortiSandbox versions 4.4.0 to 4.4.3, 4.2.0 to 4.2.6, and 4.0.0 to 4.0.4.
Organizations utilizing these versions should consider applying the latest patches or updates to mitigate potential risks and enhance security.",Fortinet,Fortisandbox,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-04-09T14:24:24.441Z,0
CVE-2023-47540,https://securityvulnerability.io/vulnerability/CVE-2023-47540,FortiSandbox Command Injection Vulnerability,An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allow an attacker to execute unauthorized code or commands via CLI.,Fortinet,Fortisandbox,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-09T14:24:23.806Z,0
CVE-2024-31487,https://securityvulnerability.io/vulnerability/CVE-2024-31487,FortiSandbox Path Traversal Vulnerability Could Lead to Information Disclosure,An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allow an attacker to cause information disclosure via crafted HTTP requests.,Fortinet,Fortisandbox,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-04-09T14:24:21.862Z,0
CVE-2024-23671,https://securityvulnerability.io/vulnerability/CVE-2024-23671,FortiSandbox Path Traversal Vulnerability Allows Unauthorized Code Execution,"A vulnerability has been identified within Fortinet FortiSandbox that involves an improper limitation of a pathname, allowing path traversal to occur. This weakness exists in FortiSandbox versions 4.4.0 to 4.4.3, 4.2.0 to 4.2.6, and 4.0.0 to 4.0.4.
An attacker could exploit this vulnerability to execute unauthorized commands or code by sending specially crafted HTTP requests. Organizations using the affected versions are encouraged to apply necessary security measures to prevent potential exploitation.",Fortinet,Fortisandbox,8.1,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-09T14:24:20.543Z,0
CVE-2023-47541,https://securityvulnerability.io/vulnerability/CVE-2023-47541,Path Traversal Vulnerability in Fortinet FortiSandbox,"A vulnerability exists in Fortinet FortiSandbox that allows an attacker to exploit an improper limitation of pathname to a restricted directory, commonly known as path traversal. This flaw affects multiple versions of FortiSandbox, enabling unauthorized code execution or command execution via the command line interface (CLI). It represents a significant risk as it can be leveraged by attackers to compromise the security of affected systems. Users of FortiSandbox are advised to apply the necessary patches and implement security measures to mitigate potential attacks.",Fortinet,Fortisandbox,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-09T14:24:20.501Z,0
CVE-2023-45587,https://securityvulnerability.io/vulnerability/CVE-2023-45587,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox,"Fortinet FortiSandbox contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through improperly sanitized input during web page generation. Specifically affecting versions 4.4.1, 4.4.0, and earlier editions, this flaw could permit unauthorized execution of code or commands via specially crafted HTTP requests.
Organizations using affected FortiSandbox versions are urged to implement necessary security measures to mitigate the risks associated with this vulnerability.",Fortinet,Fortisandbox,3.4,LOW,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0
CVE-2023-41844,https://securityvulnerability.io/vulnerability/CVE-2023-41844,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox Products,"An input validation flaw has been identified in the Fortinet FortiSandbox that permits cross-site scripting. This vulnerability affects multiple versions, enabling potential attackers to execute unauthorized scripts or commands via specially crafted HTTP requests directed at the capture traffic endpoint. Users are strongly advised to apply the necessary patches to mitigate the risks associated with this vulnerability.",Fortinet,Fortisandbox,3.4,LOW,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-12-13T07:15:00.000Z,0
CVE-2023-41680,https://securityvulnerability.io/vulnerability/CVE-2023-41680,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox Products,"An improper neutralization of input during the web page generation in Fortinet FortiSandbox allows attackers to exploit cross-site scripting vulnerabilities. This can result in the execution of unauthorized code or commands through specially crafted HTTP requests. Affected versions span multiple releases, indicating a widespread risk across the FortiSandbox product line. For detailed information, visit the FortiGuard advisory.",Fortinet,Fortisandbox,7.3,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-10-13T15:15:00.000Z,0
CVE-2023-41843,https://securityvulnerability.io/vulnerability/CVE-2023-41843,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox,"A cross-site scripting vulnerability exists in Fortinet FortiSandbox across several versions, including 4.4.1, 4.4.0, 4.2.0 through 4.2.5, and 4.0.0 through 4.0.3.
This vulnerability arises from improper neutralization of user inputs during web page generation, enabling malicious actors to execute unauthorized code or commands through specially crafted HTTP requests. Organizations using the affected versions are encouraged to implement the necessary security measures to safeguard their systems.",Fortinet,Fortisandbox,7.3,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-10-13T15:15:00.000Z,0
CVE-2023-41836,https://securityvulnerability.io/vulnerability/CVE-2023-41836,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox Products,"An improper neutralization of input during web page generation in multiple versions of Fortinet's FortiSandbox could allow an attacker to execute unauthorized commands through meticulously crafted HTTP requests. This vulnerability highlights the importance of secure input handling in web applications, making it critical for users to update their FortiSandbox installations to versions that address this issue.",Fortinet,Fortisandbox,3.4,LOW,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-10-13T15:15:00.000Z,0
CVE-2023-41682,https://securityvulnerability.io/vulnerability/CVE-2023-41682,Path Traversal Vulnerability in Fortinet FortiSandbox Products,"A path traversal vulnerability in Fortinet FortiSandbox allows an attacker to craft HTTP requests that manipulate the pathname, potentially leading to a denial of service. This flaw is present across multiple versions of the FortiSandbox product line, including versions from 4.4.0 down to 2.4.0.
Exploitation of this vulnerability could significantly impact the availability of the affected system.",Fortinet,Fortisandbox,7.9,HIGH,0.0022700000554323196,false,,false,false,false,,,false,false,,2023-10-13T15:15:00.000Z,0
CVE-2023-41681,https://securityvulnerability.io/vulnerability/CVE-2023-41681,Cross-Site Scripting in Fortinet FortiSandbox,"An improper neutralization of input during web page generation in Fortinet FortiSandbox allows attackers to execute unauthorized code or commands by sending specially crafted HTTP requests. This cross-site scripting vulnerability affects multiple versions of the product, posing significant risks to users' web applications and data integrity. Regular updates and proper input validation practices are essential to mitigate such vulnerabilities.",Fortinet,Fortisandbox,7.3,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-10-13T15:15:00.000Z,0
CVE-2022-22305,https://securityvulnerability.io/vulnerability/CVE-2022-22305,Improper Certificate Validation in Fortinet's FortiManager and FortiAnalyzer Products,"An improper certificate validation flaw exists in various Fortinet products, including FortiManager and FortiAnalyzer, allowing an unauthenticated network adjacent attacker to execute a man-in-the-middle (MitM) attack. This vulnerability can potentially compromise the confidentiality and integrity of communication between affected devices and external peers, leading to critical security implications for affected users.
Affected users should apply the necessary patches and updates as provided by Fortinet to safeguard their systems.",Fortinet,"Fortianalyzer,Fortisandbox,Fortimanager",5.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-09-01T11:43:03.878Z,0
CVE-2022-27485,https://securityvulnerability.io/vulnerability/CVE-2022-27485,SQL Injection Vulnerability in Fortinet FortiSandbox Product,"An SQL injection vulnerability exists in multiple versions of Fortinet's FortiSandbox, which allows an authenticated user with read permissions to execute crafted HTTP requests. This flaw permits remote attackers to access sensitive files on the underlying Linux system, thereby posing a serious risk to data confidentiality. Organizations using affected versions of FortiSandbox should take immediate action to remediate this vulnerability.",Fortinet,Fortisandbox,6.2,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-04-11T16:07:08.880Z,0
CVE-2022-27487,https://securityvulnerability.io/vulnerability/CVE-2022-27487,Improper Privilege Management in Fortinet FortiSandbox and FortiDeceptor,"The vulnerability identified in Fortinet's FortiSandbox and FortiDeceptor products exposes them to the risk of unauthorized API calls. Remote authenticated attackers can exploit this weakness by sending carefully crafted HTTP or HTTPS requests. This flaw could lead to significant security concerns, as it undermines the integrity of the permission mechanisms, potentially allowing unauthorized actions within the affected systems.",Fortinet,"Fortideceptor,Fortisandbox",8.3,HIGH,0.002240000059828162,false,,false,false,false,,,false,false,,2023-04-11T16:06:58.797Z,0
CVE-2022-26115,https://securityvulnerability.io/vulnerability/CVE-2022-26115,Insufficient Computational Effort in Password Hashing Affects FortiSandbox,"A vulnerability in FortiSandbox prior to version 4.2.0 allows an attacker with access to the password database to efficiently launch bulk guessing attacks.
This flaw stems from a use of password hashing that does not employ sufficient computational effort, potentially enabling unauthorized recovery of passwords and exposing sensitive data.",Fortinet,Fortisandbox,5.4,MEDIUM,0.001500000013038516,false,,false,false,false,,,false,false,,2023-02-16T18:07:32.040Z,0
CVE-2022-30305,https://securityvulnerability.io/vulnerability/CVE-2022-30305,Insufficient Logging Vulnerability in FortiSandbox and FortiDeceptor Products,"An insufficient logging vulnerability exists in specific versions of FortiSandbox and FortiDeceptor that could allow attackers to repeatedly enter incorrect credentials without any log entry being generated. This flaw also permits an unlimited number of failed login attempts, which potentially enables unauthorized access to systems. As a result, it is imperative for users to assess their security posture and implement necessary safeguards to mitigate this risk.",Fortinet,"Fortisandbox,Fortideceptor",3.6,LOW,0.0014299999456852674,false,,false,false,false,,,false,false,,2022-12-06T16:00:54.500Z,0
CVE-2020-29013,https://securityvulnerability.io/vulnerability/CVE-2020-29013,Improper Input Validation in FortiSandbox Sniffer Interface,"FortiSandbox, a product by Fortinet, has a vulnerability within its sniffer interface that arises from improper input validation. This flaw allows an authenticated attacker to exploit the system by sending specifically crafted requests, which can lead to the silent halting of the sniffer functionality.
This vulnerability stresses the importance of robust input validation in order to safeguard against unauthorized disruptions and potential abuse of the system.",Fortinet,Fortinet Fortisandbox,5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2022-04-06T09:05:11.000Z,0
CVE-2021-32591,https://securityvulnerability.io/vulnerability/CVE-2021-32591,Cryptographic Vulnerability in Fortinet Products Impacting User Credential Security,"A vulnerability exists in Fortinet products due to missing cryptographic steps in the function that encrypts user credentials for LDAP and RADIUS services. This oversight may enable attackers with access to the password store to compromise the confidentiality of sensitive information, thereby potentially exposing user data to unauthorized access. The affected versions include FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, and FortiMail 7.0.1 and earlier.",Fortinet,Fortinet Fortisandbox,5.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-12-08T11:56:06.000Z,0
CVE-2020-29012,https://securityvulnerability.io/vulnerability/CVE-2020-29012,Insufficient Session Expiration in FortiSandbox by Fortinet,"FortiSandbox versions 3.2.1 and earlier have an insufficient session expiration vulnerability. This flaw enables attackers to exploit unexpired administrative user session IDs, potentially allowing unauthorized access to information about other users configured on the device.
If attackers can obtain a valid session ID through hypothetical methods, they may compromise other user sessions, posing a significant security risk.",Fortinet,Fortinet Fortisandbox,5.6,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-09-08T10:26:31.000Z,0
CVE-2020-15939,https://securityvulnerability.io/vulnerability/CVE-2020-15939,Improper Access Control in FortiSandbox by Fortinet,"An improper access control vulnerability in FortiSandbox versions 3.2.1 and earlier, as well as 3.1.4 and earlier, could potentially enable an authenticated, but unprivileged, attacker to exploit the system. By accessing a recovery URL, the attacker may be able to download sensitive device configuration files, which could lead to further security risks and unauthorized access.",Fortinet,Fortinet Fortisandbox,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-06T15:19:38.000Z,0