cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-31490,https://securityvulnerability.io/vulnerability/CVE-2024-31490,FortiSandbox vulnerability exposes sensitive information to unauthorized actors via HTTP get requests,An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP get requests.,Fortinet,Fortisandbox,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-09-10T14:37:45.103Z,0
CVE-2024-31491,https://securityvulnerability.io/vulnerability/CVE-2024-31491,Client-Side Security Vulnerability in Fortinet FortiSandbox Products,"A security vulnerability exists in Fortinet FortiSandbox versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6, whereby client-side enforcement mechanisms fail to adequately control server-side security protocols. This allows attackers to exploit the weak enforcement, enabling them to execute unauthorized code or commands through specially crafted HTTP requests. This flaw potentially exposes Fortinet users to significant security risks, necessitating swift patching and mitigation measures. For further details, visit Fortinet's official advisory at [FortiGuard PSIRT](https://fortiguard.com/psirt/FG-IR-24-054).",Fortinet,Fortisandbox,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-14T16:19:02.974Z,0
CVE-2024-21755,https://securityvulnerability.io/vulnerability/CVE-2024-21755,FortiSandbox Command Injection Vulnerability,"An improper neutralization of special elements in OS commands, known as os command injection, has been identified in Fortinet FortiSandbox versions ranging from 4.0.0 to 4.4.3. This vulnerability allows attackers to execute unauthorized commands or code by sending specially crafted requests to the affected system. Successful exploitation of this flaw can compromise the integrity of the system and potentially lead to further unauthorized access to sensitive data. Users of the affected versions are advised to apply the necessary updates to mitigate this security risk.",Fortinet,Fortisandbox,8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-04-09T14:24:25.073Z,0
CVE-2024-21756,https://securityvulnerability.io/vulnerability/CVE-2024-21756,FortiSandbox Command Injection Vulnerability,"An improper neutralization of special elements used in operating system commands, known as OS command injection, affects multiple versions of Fortinet's FortiSandbox product. This vulnerability allows an attacker to execute unauthorized code or commands by sending specially crafted requests. Affected versions include FortiSandbox versions 4.4.0 to 4.4.3, 4.2.0 to 4.2.6, and 4.0.0 to 4.0.4. Organizations utilizing these versions should consider applying the latest patches or updates to mitigate potential risks and enhance security.",Fortinet,Fortisandbox,8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-04-09T14:24:24.441Z,0
CVE-2023-47540,https://securityvulnerability.io/vulnerability/CVE-2023-47540,FortiSandbox Command Injection Vulnerability,An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allows attacker to execute unauthorized code or commands via CLI.,Fortinet,Fortisandbox,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-09T14:24:23.806Z,0
CVE-2024-31487,https://securityvulnerability.io/vulnerability/CVE-2024-31487,FortiSandbox Path Traversal Vulnerability Could Lead to Information Disclosure,A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests.,Fortinet,Fortisandbox,6.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-04-09T14:24:21.862Z,0
CVE-2024-23671,https://securityvulnerability.io/vulnerability/CVE-2024-23671,FortiSandbox Path Traversal Vulnerability Allows Unauthorized Code Execution,"A vulnerability has been identified within Fortinet FortiSandbox that involves an improper limitation of a pathname, allowing path traversal to occur. This weakness exists in FortiSandbox versions 4.4.0 to 4.4.3, 4.2.0 to 4.2.6, and 4.0.0 to 4.0.4. An attacker could exploit this vulnerability to execute unauthorized commands or code by sending specially crafted HTTP requests. Organizations using the affected versions are encouraged to apply necessary security measures to prevent potential exploitation.",Fortinet,Fortisandbox,8.1,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-04-09T14:24:20.543Z,0
CVE-2023-47541,https://securityvulnerability.io/vulnerability/CVE-2023-47541,Path Traversal Vulnerability in Fortinet FortiSandbox,"A vulnerability exists in Fortinet FortiSandbox that allows an attacker to exploit an improper limitation of pathname to a restricted directory, commonly known as path traversal. This flaw affects multiple versions of FortiSandbox, enabling unauthorized code execution or command execution via the command line interface (CLI). It represents a significant risk as it can be leveraged by attackers to compromise the security of affected systems. Users of FortiSandbox are advised to apply the necessary patches and implement security measures to mitigate potential attacks.",Fortinet,Fortisandbox,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-04-09T14:24:20.501Z,0
CVE-2023-41844,https://securityvulnerability.io/vulnerability/CVE-2023-41844,,A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint.,Fortinet,Fortisandbox,3.4,LOW,0.0005200000014156103,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
CVE-2023-45587,https://securityvulnerability.io/vulnerability/CVE-2023-45587,,An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests,Fortinet,Fortisandbox,3.4,LOW,0.0005200000014156103,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
CVE-2023-41682,https://securityvulnerability.io/vulnerability/CVE-2023-41682,Path Traversal Vulnerability in Fortinet FortiSandbox Products,"A path traversal vulnerability in Fortinet FortiSandbox allows an attacker to craft HTTP requests that manipulate the pathname, potentially leading to a denial of service. This flaw is present across multiple versions of the FortiSandbox product line, including versions from 4.4.0 down to 2.4.0. Exploitation of this vulnerability could significantly impact the availability of the affected system.",Fortinet,Fortisandbox,7.9,HIGH,0.0022700000554323196,false,false,false,false,,false,false,2023-10-13T15:15:00.000Z,0
CVE-2023-41843,https://securityvulnerability.io/vulnerability/CVE-2023-41843,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox,"A cross-site scripting vulnerability exists in Fortinet FortiSandbox across several versions, including 4.4.1, 4.4.0, 4.2.0 through 4.2.5, and 4.0.0 through 4.0.3. This vulnerability arises from improper neutralization of user inputs during web page generation, enabling malicious actors to execute unauthorized code or commands through specially crafted HTTP requests. Organizations using the affected versions are encouraged to implement the necessary security measures to safeguard their systems.",Fortinet,Fortisandbox,7.3,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2023-10-13T15:15:00.000Z,0
CVE-2023-41681,https://securityvulnerability.io/vulnerability/CVE-2023-41681,Cross-Site Scripting in Fortinet FortiSandbox,"An improper neutralization of input during web page generation in Fortinet FortiSandbox allows attackers to execute unauthorized code or commands by sending specially crafted HTTP requests. This cross-site scripting vulnerability affects multiple versions of the product, posing significant risks to users' web applications and data integrity. Regular updates and proper input validation practices are essential to mitigate such vulnerabilities.",Fortinet,Fortisandbox,7.3,HIGH,0.0006699999794363976,false,false,false,false,,false,false,2023-10-13T15:15:00.000Z,0
CVE-2023-41680,https://securityvulnerability.io/vulnerability/CVE-2023-41680,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox Products,"An improper neutralization of input during the web page generation in Fortinet FortiSandbox allows attackers to exploit cross-site scripting vulnerabilities. This can result in the execution of unauthorized code or commands through specially crafted HTTP requests. Affected versions span multiple releases, indicating a widespread risk across the FortiSandbox product line. For detailed information, visit the FortiGuard advisory.",Fortinet,Fortisandbox,7.3,HIGH,0.0006699999794363976,false,false,false,false,,false,false,2023-10-13T15:15:00.000Z,0
CVE-2023-41836,https://securityvulnerability.io/vulnerability/CVE-2023-41836,,"An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.",Fortinet,Fortisandbox,3.4,LOW,0.0006699999794363976,false,false,false,false,,false,false,2023-10-13T15:15:00.000Z,0
CVE-2022-22305,https://securityvulnerability.io/vulnerability/CVE-2022-22305,,"An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.",Fortinet,"Fortianalyzer,Fortisandbox,Fortimanager",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2023-09-01T11:43:03.878Z,0
CVE-2022-27485,https://securityvulnerability.io/vulnerability/CVE-2022-27485,,"A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.",Fortinet,Fortisandbox,6.2,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2023-04-11T16:07:08.880Z,0
CVE-2022-27487,https://securityvulnerability.io/vulnerability/CVE-2022-27487,Improper Privilege Management in Fortinet FortiSandbox and FortiDeceptor,"The vulnerability identified in Fortinet's FortiSandbox and FortiDeceptor products exposes them to the risk of unauthorized API calls. Remote authenticated attackers can exploit this weakness by sending carefully crafted HTTP or HTTPS requests. This flaw could lead to significant security concerns, as it undermines the integrity of the permission mechanisms, potentially allowing unauthorized actions within the affected systems.",Fortinet,"Fortideceptor,Fortisandbox",8.3,HIGH,0.002240000059828162,false,false,false,false,,false,false,2023-04-11T16:06:58.797Z,0
CVE-2022-26115,https://securityvulnerability.io/vulnerability/CVE-2022-26115,,A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.,Fortinet,Fortisandbox,5.4,MEDIUM,0.001500000013038516,false,false,false,false,,false,false,2023-02-16T18:07:32.040Z,0
CVE-2022-30305,https://securityvulnerability.io/vulnerability/CVE-2022-30305,,"An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.",Fortinet,"Fortisandbox,Fortideceptor",3.6,LOW,0.0014299999456852674,false,false,false,false,,false,false,2022-12-06T16:00:54.500Z,0
CVE-2020-29013,https://securityvulnerability.io/vulnerability/CVE-2020-29013,,An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.,Fortinet,Fortinet Fortisandbox,5.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2022-04-06T09:05:11.000Z,0
CVE-2021-32591,https://securityvulnerability.io/vulnerability/CVE-2021-32591,,"A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.",Fortinet,Fortinet Fortisandbox,5.3,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2021-12-08T11:56:06.000Z,0
CVE-2020-29012,https://securityvulnerability.io/vulnerability/CVE-2020-29012,,"An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)",Fortinet,Fortinet Fortisandbox,5.6,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2021-09-08T10:26:31.000Z,0
CVE-2020-15939,https://securityvulnerability.io/vulnerability/CVE-2020-15939,,"An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.",Fortinet,Fortinet Fortisandbox,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-09-06T15:19:38.000Z,0
CVE-2021-22124,https://securityvulnerability.io/vulnerability/CVE-2021-22124,,"An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.",Fortinet,"Fortinet Fortisandbox, Fortiauthenticator",7.5,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2021-08-04T18:18:25.000Z,0