Plattform
fortinet
Komponente
fortisandbox
Behoben in
4.4.4
4.2.7
4.0.5
CVE-2024-23671 describes a path traversal vulnerability discovered in Fortinet FortiSandbox. This flaw allows an attacker to potentially execute unauthorized code or commands through specially crafted HTTP requests. The vulnerability impacts FortiSandbox versions 4.0.0 through 4.4.3. A patch is available from Fortinet to address this security issue.
The path traversal vulnerability in FortiSandbox allows attackers to bypass security controls and access restricted files or directories. By manipulating HTTP requests, an attacker could potentially read sensitive configuration files, execute arbitrary commands on the system, or even gain complete control of the FortiSandbox appliance. This could lead to data breaches, system disruption, and further compromise of the network. The ability to execute commands elevates the risk significantly, potentially enabling lateral movement within the network if the FortiSandbox appliance is connected to other systems.
CVE-2024-23671 was publicly disclosed on April 9, 2024. While no active exploitation campaigns have been confirmed, the availability of a path traversal vulnerability in a network security appliance like FortiSandbox presents a significant risk. The vulnerability's ease of exploitation could make it an attractive target for malicious actors. Its inclusion in the NVD indicates a potential for widespread exploitation. No KEV listing is currently available.
Organizations heavily reliant on FortiSandbox for network security and threat detection are at significant risk. This includes businesses with complex network architectures, those utilizing FortiSandbox in conjunction with other Fortinet products, and those with limited security expertise to promptly apply patches.
• fortinet / appliance:
Get-Process -Name FortiSandbox | Select-Object -ExpandProperty Path• fortinet / appliance:
Get-WinEvent -LogName Application -Filter "EventID=5140" -MaxEvents 10 | Select-String -Pattern "FortiSandbox"• fortinet / appliance:
Review FortiSandbox access logs for unusual file access patterns or requests containing directory traversal sequences (e.g., ../).
• fortinet / appliance:
Check FortiSandbox configuration for any custom scripts or integrations that might be vulnerable to path traversal attacks.
disclosure
Exploit-Status
EPSS
0.83% (74% Perzentil)
CVSS-Vektor
The primary mitigation for CVE-2024-23671 is to upgrade FortiSandbox to a patched version. Fortinet has released updates to address this vulnerability. If immediate patching is not possible due to compatibility concerns or testing requirements, consider implementing temporary workarounds such as restricting network access to the FortiSandbox appliance and carefully reviewing HTTP request logs for suspicious activity. Web application firewalls (WAFs) configured to block path traversal attempts can also provide an additional layer of defense. After upgrading, confirm the fix by attempting a path traversal request and verifying that it is blocked.
Actualice FortiSandbox a una versión posterior a las versiones 4.4.3, 4.2.6 y 4.0.4, según corresponda a su rama de versión. Esto solucionará la vulnerabilidad de path traversal y evitará la ejecución de código no autorizado.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-23671 is a vulnerability in Fortinet FortiSandbox versions 4.0.0–4.4.3 that allows attackers to potentially execute unauthorized code via crafted HTTP requests.
If you are running FortiSandbox versions 4.0.0 through 4.4.3, you are potentially affected by this vulnerability. Check your current version and upgrade as soon as possible.
The recommended fix is to upgrade to a patched version of FortiSandbox. Refer to the official Fortinet security advisory for specific version details and upgrade instructions.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's ease of exploitation increases the risk of attacks. Monitor your systems closely.
Refer to the official Fortinet security advisory for detailed information about CVE-2024-23671 and available patches: [https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2024-23671](https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2024-23671)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.