PT-2024-3561 · Fortinet · FortiSandbox

Published 2024-05-14 · Updated 2025-01-02 · CVE-2024-31491

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiSandbox versions 4.2.0 through 4.2.6
FortiSandbox versions 4.4.0 through 4.4.4

Description

The issue is related to the client-side enforcement of server-side security in FortiSandbox. It allows an attacker to execute unauthorized code or commands via HTTP requests. This can potentially enable a malicious user to alter the device's configuration.

Recommendations

For FortiSandbox versions 4.2.0 through 4.2.6, update to a version outside of this range to resolve the issue.
For FortiSandbox versions 4.4.0 through 4.4.4, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to HTTP requests until a patch is available.

Related Identifiers

BDU:2024-03866
CVE-2024-31491

Affected Products

FortiSandbox