CVE-2024-31491

Published: May 14, 2024Modified: Jan 14, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests.

Affected (2)

Products: Fortinet: Fortisandbox

Fortinet

1 product

Fortisandbox

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortisandbox	From 4.2.0 to 4.2.7
Fortinet Fortisandbox	From 4.4.0 to 4.4.5

Related CWEs

CWE-602

Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References (2)

https://fortiguard.com/psirt/FG-IR-24-054

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-24-054

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.