CVE-2021-24010: Path Traversal
First published: Wed Aug 04 2021(Updated: )
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSandbox | >=3.1.0<3.1.5 | |
| Fortinet FortiSandbox | >=3.2.0<3.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-24010.
What is the affected software?
The affected software is FortiSandbox versions 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4.
How severe is this vulnerability?
This vulnerability has a severity rating of 6.5 (high).
How can an authenticated user exploit this vulnerability?
An authenticated user can exploit this vulnerability by sending specifically crafted web requests to obtain unauthorized access to files and data.
Is there a fix available for this vulnerability?
Yes, Fortinet has provided a fix for this vulnerability. It is recommended to update to versions 3.1.5 or 3.2.3, depending on the affected software version.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/fortinet
- canonical/fortinet fortisandbox
- version/fortinet fortisandbox/3.1.0
- version/fortinet fortisandbox/3.2.0