PT-2024-3548 · Fortinet · Fortisandbox

Published: 2024-04-09 · Updated: 2024-12-23 · CVE-2024-31487

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiSandbox versions 2.4.0 through 2.4.1
Fortinet FortiSandbox versions 2.5.0 through 2.5.2
Fortinet FortiSandbox versions 3.0.0 through 3.0.7
Fortinet FortiSandbox versions 3.1.0 through 3.1.5
Fortinet FortiSandbox versions 3.2.0 through 3.2.4
Fortinet FortiSandbox versions 4.0.0 through 4.0.5
Fortinet FortiSandbox versions 4.2.0 through 4.2.6
Fortinet FortiSandbox versions 4.4.0 through 4.4.4
Description: Fortinet FortiSandbox contains an improper limitation of a pathname to a restricted directory, also known as 'path traversal'. This may allow a remote attacker to read arbitrary files, and so disclose information, via specially crafted HTTP requests.
Recommendations: For every affected Fortinet FortiSandbox branch (versions 2.4.0 through 2.4.1, 2.5.0 through 2.5.2, 3.0.0 through 3.0.7, 3.1.0 through 3.1.5, 3.2.0 through 3.2.4, 4.0.0 through 4.0.5, 4.2.0 through 4.2.6, and 4.4.0 through 4.4.4), update to a version that fixes the 'path traversal' issue.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-03853
CVE-2024-31487

Affected Products

Fortisandbox