Vulnerabilities > Fortinet > Fortisandbox > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-13 CVE-2023-41682 Path Traversal vulnerability in Fortinet Fortisandbox
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.
network
low complexity
fortinet CWE-22
7.5
2023-04-11 CVE-2022-27487 Improper Privilege Management vulnerability in Fortinet Fortideceptor and Fortisandbox
A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-269
8.8
2023-02-16 CVE-2022-26115 Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortisandbox
A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.
network
low complexity
fortinet CWE-916
7.5
2022-12-06 CVE-2022-30305 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor and Fortisandbox
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
network
low complexity
fortinet CWE-307
7.5
2021-08-04 CVE-2021-22124 Resource Exhaustion vulnerability in Fortinet Fortiauthenticator and Fortisandbox
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.
network
low complexity
fortinet CWE-400
7.8