Details of VAR-202405-0708

ID

VAR-202405-0708

CVE

CVE-2024-31491

TITLE

fortinet's FortiSandbox Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-015800

DESCRIPTION

A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. fortinet's FortiSandbox Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-31491 // JVNDB: JVNDB-2024-015800

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.4.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lt	version:	4.2.7	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lt	version:	4.4.5	Trust: 1.0
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	4.4.0 that's all 4.4.5	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	4.2.0 that's all 4.2.7	Trust: 0.8

sources: JVNDB: JVNDB-2024-015800 // NVD: CVE-2024-31491

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2024-31491
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-31491
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-31491
value:	HIGH
Trust: 0.8

psirt@fortinet.com:	CVE-2024-31491
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-31491
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-015800 // NVD: CVE-2024-31491 // NVD: CVE-2024-31491

PROBLEMTYPE DATA

problemtype:	CWE-602	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Client-side enforcement of server-side security (CWE-602) [ others ]	Trust: 0.8
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-015800 // NVD: CVE-2024-31491

PATCH

title:

FG-IR-24-054

url:

https://www.fortiguard.com/psirt/FG-IR-24-054

Trust: 0.8

sources: JVNDB: JVNDB-2024-015800

EXTERNAL IDS

db:	NVD	id:	CVE-2024-31491	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-015800	Trust: 0.8

sources: JVNDB: JVNDB-2024-015800 // NVD: CVE-2024-31491

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-24-054	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-31491	Trust: 0.8

sources: JVNDB: JVNDB-2024-015800 // NVD: CVE-2024-31491

SOURCES

db:	JVNDB	id:	JVNDB-2024-015800
db:	NVD	id:	CVE-2024-31491

LAST UPDATE DATE

2025-01-09T23:05:47.312000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-015800	date:	2025-01-07T08:49:00
db:	NVD	id:	CVE-2024-31491	date:	2025-01-02T18:35:20.503

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-015800	date:	2025-01-07T00:00:00
db:	NVD	id:	CVE-2024-31491	date:	2024-05-14T17:17:24.197