VYPR
Unrated severityNVD Advisory· Published Apr 9, 2024· Updated Jan 14, 2026

CVE-2024-23671

CVE-2024-23671

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

Affected products

2
  • cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*range: 4.4.0
    • (no CPE)range: 4.0.0-4.0.4, 4.2.1-4.2.6, 4.4.0-4.4.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.