Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortisandbox vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-26096
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox prior to 4.0.0 may allow an authenticated malicious user to manipulate memory and alter its content by means of specifically crafted command line arguments.
Fortinet Fortisandbox
8.8
CVSSv3
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 up to and including 3.2.2, 3.1.0 up to and including 3.1.4, and 3.0.0 up to and including 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unaut...
Fortinet Fortisandbox
7.5
CVSSv3
CVE-2021-26098
An instance of small space of random values in the RPC API of FortiSandbox prior to 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs.
Fortinet Fortisandbox
6.5
CVSSv3
CVE-2021-24010
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 up to and including 3.2.2, and 3.1.0 up to and including 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.
Fortinet Fortisandbox
6.1
CVSSv3
CVE-2021-24014
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox prior to 4.0.0 may allow an unauthenticated malicious user to perform an XSS attack via specifically crafted request parameters.
Fortinet Fortisandbox
7.2
CVSSv3
CVE-2021-22125
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox prior to 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.
Fortinet Fortisandbox
6.1
CVSSv3
CVE-2015-7360
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox prior to 2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport pa...
Fortinet Fortisandbox Firmware
7.4
CVSSv3
CVE-2016-8495
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 up to and including 5.2.7 and 5.4.0 up to and including 5.4.1 allows remote malicious user to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing fea...
Fortinet Fortimanager Firmware 5.0.11
Fortinet Fortimanager Firmware 5.2.3
Fortinet Fortimanager Firmware 5.0.5
Fortinet Fortimanager Firmware 5.2.2
Fortinet Fortimanager Firmware 5.0.4
Fortinet Fortimanager Firmware 5.0.6
Fortinet Fortimanager Firmware 5.2.0
Fortinet Fortimanager Firmware 5.2.7
Fortinet Fortimanager Firmware 5.0.7
Fortinet Fortimanager Firmware 5.0.10
Fortinet Fortimanager Firmware 5.2.1
Fortinet Fortimanager Firmware 5.0.3
Fortinet Fortimanager Firmware 5.2.4
Fortinet Fortimanager Firmware 5.2.6
Fortinet Fortimanager Firmware 5.0.8
Fortinet Fortimanager Firmware 5.0.9
Fortinet Fortimanager Firmware 5.4.1
Fortinet Fortimanager Firmware 5.4.0
NA
CVE-2024-31491
A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 up to and including 4.4.4 and 4.2.0 up to and including 4.2.6 allows malicious user to execute unauthorized code or commands via HTTP requests.
NA
CVE-2024-23671
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 up to and including 4.4.3 and 4.2.0 up to and including 4.2.6 and 4.0.0 up to and including 4.0.4 allows malicious user to execute unauthorized code o...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »