CVE-2024-31487 — Vulnetix

CVE-2024-31487 PUBLISHED

Es besteht eine Schwachstelle in Fortinet FortiSandbox. Dieser Fehler besteht aufgrund eines Path Traversal Problems. Ein entfernter, authentifizierter Angreifer mit mindestens Leseberechtigung kann diese Schwachstelle ausnutzen, um beliebige Dateien über manipulierte http-Anfragen zu lesen.

EPSS 0.45% · 64.0th percentile

Risk Scores

EPSS Score

0.45%

64.0th percentile

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiSandbox <4.2.7
Fortinet	Fortinet FortiSandbox <4.0.5
Fortinet	Fortinet FortiSandbox <4.4.5
Fortinet	Fortinet FortiSandbox <4.4.3
Fortinet	Fortinet FortiSandbox <4.4.4

Timeline

Apr 9, 2024 CVE Published
Apr 10, 2024 EPSS Score
May 5, 2024 EPSS Score
May 30, 2024 EPSS Score
Jun 24, 2024 EPSS Score
Jul 19, 2024 EPSS Score
Aug 14, 2024 EPSS Score
Sep 8, 2024 EPSS Score
Oct 3, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 28, 2024 EPSS Score
Nov 22, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0835.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0835 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-411 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-416 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-454 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-489 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-060 advisory

Open in Interactive Console →