Lucene search

1831 matches found

CVE
added 2024/04/09 2:24 p.m. | 53 views

CVE-2024-21755

Fortinet FortiSandbox is affected by an OS command injection vulnerability (CVE-2024-21755) in multiple releases: 4.0.0–4.0.4, 4.2.0–4.2.6, and 4.4.0–4.4.3. The issue stems from improper neutralization of special elements used in an OS command, allowing an attacker to execute unauthorized code or...

CVSS 8.8 | AI score 7.2 | EPSS 0.01045
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/09 2:24 p.m. | 11 views

CVE-2024-21755

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests...

CVSS 8.8 | AI score 9.1 | EPSS 0.01045
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/09 2:24 p.m. | 12 views

CVE-2023-47542

An improper neutralization of special elements used in a template engine (CWE-1336) in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates...

CVSS 6.7 | AI score 7.4 | EPSS 0.00152
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/09 2:24 p.m. | 13 views

CVE-2024-21756

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests...

CVSS 8.8 | AI score 7.2 | EPSS 0.01045
Exploits: 0 | References: 1
Cvelist
added 2024/04/09 2:24 p.m. | 10 views

CVE-2023-47542

An improper neutralization of special elements used in a template engine (CWE-1336) in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates...

CVSS 6.7 | AI score 7 | EPSS 0.00152
Exploits: 0 | References: 1
CVE
added 2024/04/09 2:24 p.m. | 51 views

CVE-2024-21756

Fortinet FortiSandbox (versions 4.0.0–4.4.3) is affected by an OS command injection vulnerability. The issue allows an attacker to execute unauthorized code or commands via crafted requests, with network access, low attack complexity, and low privileges required. Impact is high (C/H, I/H, A/H) an...

CVSS 8.8 | AI score 7.2 | EPSS 0.01045
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/09 2:24 p.m. | 13 views

CVE-2024-21756

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests...

CVSS 8.8 | AI score 9.1 | EPSS 0.01045
Exploits: 0 | References: 1
CVE
added 2024/04/09 2:24 p.m. | 59 views

CVE-2023-47542

CVE-2023-47542: Fortinet FortiManager suffers from improper neutralization of special elements used in a template engine (CWE-1336). Affects FortiManager versions 7.4.1 and below, 7.2.4 and below, and 7.0.10 and below. The issue could enable a local attacker to execute unauthorized code or comma...

CVSS 6.7 | AI score 7.4 | EPSS 0.00152
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/09 2:24 p.m. | 8 views

CVE-2023-47540

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an attacker ...

CVSS 6.7 | AI score 7.1 | EPSS 0.00137
Exploits: 0 | References: 1
CVE
added 2024/04/09 2:24 p.m. | 44 views

CVE-2023-47540

Fortinet FortiSandbox is affected by an OS command injection (improper neutralization of special elements) that allows an attacker to execute unauthorized code or commands via the CLI. Affected versions include 3.0.5–3.0.7, 3.2.0–3.2.4, 4.0.0–4.0.5, 4.2.0–4.2.6, and 4.4.0–4.4.2. The issue is trig...

CVSS 6.7 | AI score 7 | EPSS 0.00137
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/04/09 2:24 p.m. | 20 views

CVE-2023-47540

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an attacker ...

CVSS 6.7 | AI score 7 | EPSS 0.00137
Exploits: 0 | References: 1
CVE
added 2024/04/09 2:24 p.m. | 109 views

CVE-2023-41677

CVE-2023-41677 affects Fortinet FortiProxy and FortiOS versions listed in the description, where a vulnerability due to insufficient protection of credentials could let an attacker execute unauthorized code or commands through a targeted social engineering attack. The issue is documented across m...

CVSS 8.8 | AI score 9.3 | EPSS 0.00244
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/09 2:24 p.m. | 11 views

CVE-2023-41677

Insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through...

CVSS 7.5 | AI score 7.9 | EPSS 0.00244
Exploits: 0 | References: 1
CVE
added 2024/04/09 2:24 p.m. | 55 views

CVE-2024-23671

CVE-2024-23671 describes a path traversal vulnerability in Fortinet FortiSandbox versions 4.0.0–4.0.4, 4.2.0–4.2.6, and 4.4.0–4.4.3 that allows an attacker to execute unauthorized code or commands via crafted HTTP requests. The root cause is improper limitation of a pathname to a restricted direc...

CVSS 8.1 | AI score 6.9 | EPSS 0.00827
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/04/09 2:24 p.m. | 40 views

CVE-2023-47541

Fortinet FortiSandbox is affected by CVE-2023-47541, a path traversal flaw caused by improper limitation of a pathname to a restricted directory that allows a local attacker to execute unauthorized code or commands via the CLI. Affected FortiSandbox versions include 2.0.0–2.0.3, 2.1.0–2.1.3, 2.2....

CVSS 6.7 | AI score 6.8 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/04/09 2:24 p.m. | 11 views

CVE-2023-47541

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...

CVSS 6.7 | AI score 6.8 | EPSS 0.00138
Exploits: 0 | References: 1
Cvelist
added 2024/04/09 2:24 p.m. | 17 views

CVE-2024-23671

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests...

CVSS 8.1 | AI score 8.4 | EPSS 0.00827
Exploits: 0 | References: 1
CVE
added 2024/04/09 2:24 p.m. | 69 views

CVE-2023-45590

Fortinet FortiClientLinux contains an improper control of code generation (CWE-94) that can lead to remote code execution when a user visits a malicious website. Affected versions include FortiClientLinux 7.0.3–7.0.4, 7.0.6–7.0.10, and 7.2.0. Fortinet’s advisories and vendor-sec patches recommend...

CVSS 9.6 | AI score 9.4 | EPSS 0.00772
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/04/09 2:24 p.m. | 12 views

CVE-2023-45590

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website...

CVSS 9.6 | AI score 7.6 | EPSS 0.00772
Exploits: 0 | References: 1
CNNVD
added 2024/04/09 12:00 a.m. | 2 views

Fortinet FortiSandbox path traversal vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from a path traversal vulnerability that can be...

CVSS 8.1 | AI score 7.3 | EPSS 0.00827
Exploits: 0 | References: 2