CVE-2024-23671

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Apr 9, 2024

Updated: Dec 23, 2024

CWE ID 22

Summary

CVE-2024-23671 is a path traversal vulnerability affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.3, 4.2.0 through 4.2.6, and 4.0.0 through 4.0.4. This issue stems from an improper limitation of user input, enabling an attacker to traverse restricted directories and execute unauthorized code or commands through crafted HTTP requests. Successful exploitation could lead to significant security compromises. Fortinet strongly advises users to update their FortiSandbox software to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FortiSandbox

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uNAM1b
https://www.cve.org/CVERecord?id=CVE-2024-23671
https://nvd.nist.gov/vuln/detail/CVE-2024-23671

Back to Vulnerability Database