CVE-2021-24010 — Path Traversal in Fortinet Fortisandbox

CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUMNVD

CNA8.1

EPSS

0.4%

top 36.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisandbox Fortinet Fortisandbox

Timeline

PublishedAug 4

Latest updateMay 24

Description

Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortisandbox3.1.0 — 3.1.5+1

▶CVEListV5fortinet/fortinet_fortisandboxFortiSandbox 3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0

🔴Vulnerability Details

GHSA

GHSA-4g43-jcgp-9p5g: Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3↗2022-05-24

▶

CVEList

CVE-2021-24010: Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3↗2021-08-04

▶

📋Vendor Advisories

Fortinet

Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1...↗2021-08-04

▶