A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
The vulnerability results from missing authorization verification for specific HTTP requests handled by FortiSandbox. An attacker without any credentials can send crafted HTTP requests directly to the vulnerable system, bypassing access control mechanisms. Due to the network attack vector (AV:N), lack of attack complexity requirements (AC:L), and no need for user interaction, exploitation can be performed remotely and fully automatically.
An unauthenticated attacker can remotely execute arbitrary code or system commands on the vulnerable device, leading to complete compromise of confidentiality, integrity, and availability of the system (C:H/I:H/A:H).
Apply patches available from the vendor according to references published by Fortinet at https://fortiguard.fortinet.com/psirt/FG-IR-26-136. Until patches are implemented, it is recommended to restrict network access to the FortiSandbox HTTP interface only to trusted IP addresses and isolate the device from public networks.
Fortinet FortiSandbox 5.0.0–5.0.1, FortiSandbox 4.4.0–4.4.8; FortiSandbox Cloud 5.0.2–5.0.5; FortiSandbox PaaS 23.4 (all versions), 23.3 (all versions), 23.1 (all versions), 22.2 (all versions), 22.1 (all versions), 21.4 (all versions), 21.3 (all versions), 5.0.0–5.0.1, 4.4.5–4.4.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortisandbox
APPFortinet4.4.0 – 4.4.9 (bez)5.0.0 – 5.0.2 (bez)Fortinet Fortisandbox Cloud
APPFortinet24.1.443623.1.4245 – 23.4.43745.0.2 – 5.0.6 (bez)Fortinet Fortisandbox Paas
APPFortinet4.4.5 – 4.4.9 (bez)5.0.0 – 5.0.2 (bez)21.3.4055 – 23.4.4374
Related vulnerabilities
Command injection w Fortinet FortiSandbox — dostęp bez uwierzytelnienia
Command Injection w Fortinet FortiSandbox umożliwiający RCE
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 ...
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in...
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79]...