{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31487", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-04-04T12:52:41.585Z", "datePublished": "2024-04-09T14:24:21.862Z", "dateUpdated": "2024-08-02T01:52:57.095Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "4.4.0", "lessThanOrEqual": "4.4.4", "status": "affected"}, {"versionType": "semver", "version": "4.2.0", "lessThanOrEqual": "4.2.6", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.5", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.4", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.5", "status": "affected"}, {"versionType": "semver", "version": "3.0.0", "lessThanOrEqual": "3.0.7", "status": "affected"}, {"versionType": "semver", "version": "2.5.0", "lessThanOrEqual": "2.5.2", "status": "affected"}, {"versionType": "semver", "version": "2.4.0", "lessThanOrEqual": "2.4.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-04-09T14:24:21.862Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiSandbox version 4.4.5 or above \nPlease upgrade to FortiSandbox version 4.2.7 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-24-060", "url": "https://fortiguard.com/psirt/FG-IR-24-060"}]}, "adp": [{"affected": [{"vendor": "fortinet", "product": "fortisandbox", "cpes": ["cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "4.4.0", "status": "affected", "lessThanOrEqual": "4.4.4", "versionType": "semver"}, {"version": "4.2.0", "status": "affected", "lessThanOrEqual": "4.2.6", "versionType": "semver"}, {"version": "4.0.0", "status": "affected", "lessThanOrEqual": "4.0.5", "versionType": "semver"}, {"version": "3.2.0", "status": "affected", "lessThanOrEqual": "3.2.4", "versionType": "semver"}, {"version": "3.1.0", "status": "affected", "lessThanOrEqual": "3.1.5", "versionType": "semver"}, {"version": "3.0.0", "status": "affected", "lessThanOrEqual": "3.0.7", "versionType": "semver"}, {"version": "2.5.0", "status": "affected", "lessThanOrEqual": "2.5.2", "versionType": "semver"}, {"version": "2.4.0", "status": "affected", "lessThanOrEqual": "2.4.1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-15T17:19:28.109529Z", "id": "CVE-2024-31487", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T20:35:07.273Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:57.095Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-24-060", "url": "https://fortiguard.com/psirt/FG-IR-24-060", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31487", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-15T17:19:28.109529Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortisandbox", "versions": [{"status": "affected", "version": "4.4.0", "versionType": "semver", "lessThanOrEqual": "4.4.4"}, {"status": "affected", "version": "4.2.0", "versionType": "semver", "lessThanOrEqual": "4.2.6"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.5"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.4"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.5"}, {"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.7"}, {"status": "affected", "version": "2.5.0", "versionType": "semver", "lessThanOrEqual": "2.5.2"}, {"status": "affected", "version": "2.4.0", "versionType": "semver", "lessThanOrEqual": "2.4.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T17:19:33.196Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N/E:F/RL:X/RC:X", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "4.4.0", "versionType": "semver", "lessThanOrEqual": "4.4.4"}, {"status": "affected", "version": "4.2.0", "versionType": "semver", "lessThanOrEqual": "4.2.6"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.5"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.4"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.5"}, {"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.7"}, {"status": "affected", "version": "2.5.0", "versionType": "semver", "lessThanOrEqual": "2.5.2"}, {"status": "affected", "version": "2.4.0", "versionType": "semver", "lessThanOrEqual": "2.4.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiSandbox version 4.4.5 or above \nPlease upgrade to FortiSandbox version 4.2.7 or above \n"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-24-060", "name": "https://fortiguard.com/psirt/FG-IR-24-060"}], "descriptions": [{"lang": "en", "value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-04-09T14:24:21.862Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31487", "state": "PUBLISHED", "dateUpdated": "2024-07-16T20:35:07.273Z", "dateReserved": "2024-04-04T12:52:41.585Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-04-09T14:24:21.862Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests."}, {"lang": "es", "value": "Una limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"path traversal\") en Fortinet FortiSandbox versi\u00f3n 4.4.0 a 4.4.4 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.5 y 3.2.0 a 3.2. 4 y 3.1.0 a 3.1.5 y 3.0.0 a 3.0.7 y 2.5.0 a 2.5.2 y 2.4.0 a 2.4.1 pueden permitir al atacante la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de solicitudes http manipuladas."}], "id": "CVE-2024-31487", "lastModified": "2024-04-10T13:24:22.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2024-04-09T15:15:31.753", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.com/psirt/FG-IR-24-060"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}