Improper Limitation of Pathname Vulnerability in FortiSandbox by Fortinet
CVE-2021-24010

8.1HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortisandbox
Vendor: CVE Published:; 4 August 2021

Summary

An improper limitation of a pathname to a restricted directory vulnerability exists in FortiSandbox versions 3.1.0 through 3.2.2. This flaw allows an authenticated user to leverage specifically crafted web requests to gain unauthorized access to sensitive files and data, potentially compromising the integrity and confidentiality of the affected systems. Prompt action is required to mitigate the risks associated with these affected versions.

Affected Version(s)

Fortinet FortiSandbox FortiSandbox 3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0

References

https://fortiguard.com/advisory/FG-IR-20-202

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 4, 2021
Vulnerability Reserved
Jan 13, 2021