Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortisandbox
Subscriptions
Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45328 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 7.1 High |
| An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu. | ||||
| CVE-2024-52961 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 8.6 High |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | ||||
| CVE-2024-54018 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 6.5 Medium |
| Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. | ||||
| CVE-2024-54027 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 7.8 High |
| A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI. | ||||
| CVE-2024-27781 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 6.9 Medium |
| An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2024-27779 | 1 Fortinet | 2 Fortiisolator, Fortisandbox | 2026-02-26 | 6.3 Medium |
| An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted. | ||||
| CVE-2025-53949 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 7 High |
| An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests. | ||||
| CVE-2025-53679 | 1 Fortinet | 3 Fortisandbox, Fortisandbox Cloud, Fortisandboxcloud | 2026-02-26 | 6.9 Medium |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | ||||
| CVE-2025-52436 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 7.9 High |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. | ||||
| CVE-2024-27778 | 1 Fortinet | 1 Fortisandbox | 2026-01-15 | 8.3 High |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | ||||
| CVE-2025-67685 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 3.4 Low |
| A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests. | ||||
| CVE-2024-54026 | 1 Fortinet | 3 Fortisandbox, Fortisandbox Cloud, Fortisandboxcloud | 2026-01-14 | 4.1 Medium |
| An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
| CVE-2024-31491 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 8.6 High |
| A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. | ||||
| CVE-2023-47541 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 6.5 Medium |
| An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions, FortiSandbox 2.3 all versions, FortiSandbox 2.2 all versions, FortiSandbox 2.1 all versions, FortiSandbox 2.0 all versions allows attacker to execute unauthorized code or commands via CLI. | ||||
| CVE-2023-41836 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 3.4 Low |
| An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.4, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2024-31490 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 4.2 Medium |
| An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2.2 through 3.2.4, FortiSandbox 3.1.5 allows attacker to information disclosure via HTTP get requests. | ||||
| CVE-2024-31487 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 5.8 Medium |
| A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions allows attacker to information disclosure via crafted http requests. | ||||
| CVE-2024-23671 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 7.9 High |
| A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2024-21756 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | ||||
| CVE-2024-21755 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | ||||