CVE-2024-23671

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 4.0.0 through 4.0.4 Fortinet FortiSandbox versions 4.2.0 through 4.2.6 Fortinet FortiSandbox versions 4.4.0 through 4.4.3

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'path traversal', in Fortinet FortiSandbox. This allows an attacker to execute unauthorized code or commands via crafted HTTP requests. The attacker can also delete arbitrary files using specially crafted HTTP requests.

Recommendations For Fortinet FortiSandbox versions 4.0.0 through 4.0.4, update to a version that fixes the 'path traversal' issue. For Fortinet FortiSandbox versions 4.2.0 through 4.2.6, update to a version that fixes the 'path traversal' issue. For Fortinet FortiSandbox versions 4.4.0 through 4.4.3, update to a version that fixes the 'path traversal' issue. As a temporary workaround, consider restricting access to the vulnerable directory to minimize the risk of exploitation. Avoid using crafted HTTP requests that could exploit the 'path traversal' issue until the problem is resolved.