Fortinet FortiSandbox is a sandboxing solution used to analyze and block malicious files, allowing organizations to better protect themselves against advanced threats. This vulnerability allows an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests, potentially leading to lateral movement within the network or the compromise of sensitive data.
You're affected if you use An Improper Neutralization of Special Elements used. Affected versions: 5.0.2, 4.4.7 If you don't recognise this software, you're probably not affected.
Upgrade to FortiSandbox 5.0.3 or above: https://support.fortinet.com/s/article/FG-IR-25-479
- For immediate mitigations:
- Restrict network access to your FortiSandbox instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation