FortiSandbox - Arbitrary file delete on endpoint

April 9, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox may allow an authenticated attacker with at least read-only permission to delete arbitrary files via crafted HTTP requests.

arbitrary files attacker cwe delete directory endpoint file files http http requests may path path traversal permission requests restricted vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 4 days, 23 hours ago | fortiguard.fortinet.com

attacker cwe disclaimer may +8

Exposure of password hashes to read-only admin 4 days, 23 hours ago | fortiguard.fortinet.com

admin control cwe data +11

Double free with double usage of json_object_put 4 days, 23 hours ago | fortiguard.fortinet.com

attacker code commands cwe +9

Format String Bug in cli command 4 days, 23 hours ago | fortiguard.fortinet.com

amp arbitrary code arbitrary code execution attacker +19

Client IP relies on X-Forwarded-For and other headers 4 days, 23 hours ago | fortiguard.fortinet.com

attack bypass client cwe +10

Buffer overflow in administrative interface 4 days, 23 hours ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +13

Code injection in playbook code snippet step 4 days, 23 hours ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +7

Client-side enforcement of server-side security related to customer reports features 4 days, 23 hours ago | fortiguard.fortinet.com

access account attacker client +16

HTTP/2 CONTINUATION Frames Vulnerability 4 days, 23 hours ago | fortiguard.fortinet.com

attack can connection crash +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com

all InfoSec news

FortiSandbox - Arbitrary file delete on endpoint

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

Sr. Staff Firmware Engineer – Networking & Firewall

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

SAP Security Administrator