Critical Bypass in FortiSandbox
Fortinet has addressed a critical security flaw in its FortiSandbox platform that could allow remote attackers to bypass authentication entirely. The vulnerability, which affects the GUI interface of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS, requires no valid credentials to exploit. This means an unauthenticated attacker on the network could potentially access sensitive sandbox analysis data or administrative functions.
The impacted versions span FortiSandbox 5.0 and 4.4, as well as several cloud and PaaS releases. Given the unauthenticated nature of the attack vector, this patch is the highest priority in the batch and underscores the importance of immediate updates for organizations using these security analysis tools.
CLI Flaws and Infrastructure Vulnerabilities
Two separate command injection vulnerabilities were discovered in Fortinet’s wireless access point controllers, affecting FortiAP and related firmware lines. Both flaws, rated medium severity, require authenticated access to the CLI but could allow an attacker to execute arbitrary operating system commands on the hardware. The patches cover FortiAP versions from 6.4 through 7.6, along with FortiAP-U and FortiAP-W2 variants.
Additional vulnerabilities include a denial-of-service risk in the API layer of FortiAnalyzer and FortiManager, where an authenticated internal attacker could disrupt centralized log analysis and network management. An out-of-bounds write flaw was also found in the CAPWAP daemon within FortiOS, affecting versions 7.2, 7.4, and 7.6. Together, these patches highlight the breadth of Fortinet’s enterprise product ecosystem and the need for comprehensive update management across wireless, security, and management platforms.
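A practical first step after a batch like this is to sweep the device inventory and rank what needs patching first. The script below is an added example, not code from the article or from Fortinet: it takes the product families and major.minor version lines named above, parses the version strings an inventory export typically carries, and sorts hits by the severity the article states (critical for the FortiSandbox bypass, medium for the FortiAP flaws, unrated in the summary for the rest). The hostnames and versions are constructed sample data, and because the article gives no fixed build numbers, the output only says "affected line" or "verify against advisory"; the exact fixed release must be confirmed against Fortinet's PSIRT advisory before a ticket is closed.

```python
"""Patch-triage helper for the Fortinet advisories summarized above.

Added example, not code from the article or from Fortinet. Affected product
families and major.minor lines come from the article; inventory records are
constructed sample data. No fixed build numbers are encoded because the
article does not state them.
"""
from dataclasses import dataclass
import re


@dataclass
class Asset:
    hostname: str
    product: str
    version: str


# (issue, stated severity, inclusive (major, minor) ranges) per the article.
# None for ranges means the article names the product but lists no versions,
# so every version is treated as "verify" until the advisory is checked.
ADVISORIES = {
    "FortiSandbox": ("unauthenticated GUI authentication bypass", "critical",
                     [((4, 4), (4, 4)), ((5, 0), (5, 0))]),
    "FortiAP": ("authenticated CLI command injection", "medium",
                [((6, 4), (7, 6))]),
    "FortiAP-U": ("authenticated CLI command injection", "medium", None),
    "FortiAP-W2": ("authenticated CLI command injection", "medium", None),
    "FortiOS": ("out-of-bounds write in CAPWAP daemon", "unrated in summary",
                [((7, 2), (7, 2)), ((7, 4), (7, 4)), ((7, 6), (7, 6))]),
    "FortiAnalyzer": ("authenticated API denial of service", "unrated in summary", None),
    "FortiManager": ("authenticated API denial of service", "unrated in summary", None),
}

_PRIORITY_ORDER = {"critical": 0, "medium": 1, "unrated in summary": 2}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)")


def version_line(version: str):
    """Return the (major, minor) line of a version string such as
    'v7.4.3 build2573', or None if no major.minor is present."""
    m = _VERSION_RE.search(version)
    return (int(m.group(1)), int(m.group(2))) if m else None


def in_affected_line(product: str, version: str):
    """True/False when the article lists version lines for the product and the
    asset falls inside/outside them; None when the product is listed without
    versions or the version string cannot be parsed (manual check needed)."""
    if product not in ADVISORIES:
        return False
    _, _, ranges = ADVISORIES[product]
    line = version_line(version)
    if ranges is None or line is None:
        return None
    return any(low <= line <= high for low, high in ranges)


def triage(inventory):
    """Return findings for assets in an affected family, most severe first."""
    findings = []
    for asset in inventory:
        if asset.product not in ADVISORIES:
            continue
        hit = in_affected_line(asset.product, asset.version)
        if hit is False:
            continue  # listed product, but the version line is outside the ranges
        issue, priority, _ = ADVISORIES[asset.product]
        findings.append({
            "hostname": asset.hostname,
            "product": asset.product,
            "version": asset.version,
            "issue": issue,
            "priority": priority,
            "status": "affected line" if hit else "verify against advisory",
        })
    findings.sort(key=lambda f: (_PRIORITY_ORDER[f["priority"]], f["hostname"]))
    return findings


# Constructed sample inventory; these are not real hosts or real build numbers.
SAMPLE_INVENTORY = [
    Asset("fsa-01", "FortiSandbox", "v4.4.5"),
    Asset("fsa-02", "FortiSandbox", "v4.2.6"),          # older line, not listed
    Asset("ap-lobby", "FortiAP", "v7.0.2 build0123"),   # inside 6.4..7.6
    Asset("ap-lab", "FortiAP", "v6.2.8"),               # below 6.4
    Asset("fw-edge", "FortiOS", "7.4.3"),
    Asset("fw-branch", "FortiOS", "7.0.15"),            # 7.0 not listed
    Asset("faz-01", "FortiAnalyzer", "7.4.2"),          # no versions given
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['priority']:<18} {f['hostname']:<10} {f['product']} "
              f"{f['version']}: {f['issue']} [{f['status']}]")
```

The comparison works on the major.minor line only, which matches the granularity the article gives; once the advisory's fixed builds are known, `ADVISORIES` is the one place to tighten the ranges to exact build numbers.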
Source: Cyber Security News