PSIRTFortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution
Summary
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.
| Version | Affected | Solution |
|---|---|---|
| FortiSandbox 4.4 | 4.4.0 through 4.4.2 | Upgrade to 4.4.3 or above |
| FortiSandbox 4.2 | 4.2.0 through 4.2.6 | Upgrade to 4.2.7 or above |
| FortiSandbox 4.0 | 4.0 all versions | Migrate to a fixed release |
| FortiSandbox 3.2 | 3.2 all versions | Migrate to a fixed release |
| FortiSandbox 3.1 | 3.1 all versions | Migrate to a fixed release |
| FortiSandbox 3.0 | 3.0 all versions | Migrate to a fixed release |
| FortiSandbox 2.5 | 2.5 all versions | Migrate to a fixed release |
| FortiSandbox 2.4 | 2.4 all versions | Migrate to a fixed release |
| FortiSandbox 2.3 | 2.3 all versions | Migrate to a fixed release |
| FortiSandbox 2.2 | 2.2 all versions | Migrate to a fixed release |
| FortiSandbox 2.1 | 2.1 all versions | Migrate to a fixed release |
| FortiSandbox 2.0 | 2.0 all versions | Migrate to a fixed release |
Acknowledgement
Internally discovered and reported by Adham El karn of Fortinet Product Security team.Timeline
2024-04-09: Initial publication