PT-2021-7554 · Fortinet · FortiSandbox
Published: 2021-08-03 · Updated: 2021-08-11 · CVE-2021-24010
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
FortiSandbox versions 3.1.0 through 3.1.4
FortiSandbox versions 3.2.0 through 3.2.2
Description
The issue is an improper limitation of a pathname to a restricted directory (path traversal) in FortiSandbox. A remote attacker can exploit it with a specially crafted request to gain unauthorized access to protected information. An authenticated user may obtain unauthorized access to files and data via specially crafted web requests.
Recommendations
For FortiSandbox versions 3.1.0 through 3.1.4, update to a version outside of this range to resolve the issue.
For FortiSandbox versions 3.2.0 through 3.2.2, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to sensitive directories and files to minimize the risk of exploitation.
Fix
Path traversal
Affected Products
FortiSandbox