CVE-2024-23671

Summary

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox4.4.0 <= 4.4.3affected
FortinetFortiSandbox4.2.1 <= 4.2.6affected
FortinetFortiSandbox4.0.0 <= 4.0.4affected

Weaknesses

  • CWE-22: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References