CVE-2024-31487

{"id": "CVE-2024-31487", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-04-09T15:15:31.753", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-24-060", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://fortiguard.com/psirt/FG-IR-24-060", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions allows attacker to information disclosure via crafted http requests."}, {"lang": "es", "value": "Una limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"path traversal\") en Fortinet FortiSandbox versi\u00f3n 4.4.0 a 4.4.4 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.5 y 3.2.0 a 3.2. 4 y 3.1.0 a 3.1.5 y 3.0.0 a 3.0.7 y 2.5.0 a 2.5.2 y 2.4.0 a 2.4.1 pueden permitir al atacante la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de solicitudes http manipuladas."}], "lastModified": "2026-01-14T14:16:10.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "521481E8-AA41-431A-BAD7-1865B4576E85", "versionEndExcluding": "4.2.7", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C77A903-42B3-41D3-BDC6-E138679B5400", "versionEndExcluding": "4.4.5", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}