Multiple Fortinet FortiOS and FortiSandbox Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-23662 CVSS:5.3

Fortient FortiOS could allow a remote attacker to obtain sensitive information. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to fingerprint the device version.

CVE-2024-23671 CVSS:8.1

Fortinet FortiSandbox could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a path traversal vulnerability. By sending a specially crafted HTTP requet, an attacker could exploit this vulnerability to delete arbitrary files and execute unauthorized code or commands on the system.

CVE-2024-21756 CVSS:8.8

Fortinet FortiSandbox could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2023-47541 CVSS:6.7

Fortinet FortiSandbox could allow a local authenticated attacker to traverse directories on the system. An attacker could send a specially crafted request to execute arbitrary code.

CVE-2024-21755 CVSS:8.8

CVE-2023-47540 CVSS:6.7

Fortinet FortiSandbox could allow a local authenticated attacker to execute arbitrary commands on the system, caused by An improper neutralization of special elements. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2024-31487 CVSS:5.9

Fortinet FortiSandbox could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted HTTP request to read arbitrary files.

Impact