CVE-2022-27485: Fortiguard

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.

PSIRT Advisories

FortiSandbox - SQL injection in certificate downloading feature

Summary

An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiSandbox may allow a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.
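The advisory names the weakness class (CWE-89) and its effect (a database lookup that ends in an arbitrary file being read) but, as is normal for a PSIRT notice, publishes neither the affected code nor the request. The following is an added illustration written for this page, not FortiSandbox code and not the payload used against it: a hypothetical "download certificate by id" lookup in Python with an in-memory SQLite table, showing the string-concatenated query beside the parameterized one and a generic UNION payload against this toy schema. The table name, columns, certificate directory and sample rows are all constructed assumptions.

```python
import posixpath
import sqlite3

# Constructed sample data: a hypothetical table that maps a certificate id to
# the file a download endpoint serves. Not FortiSandbox's schema.
CERT_DIR = "/var/certs"
SAMPLE_ROWS = [
    ("ca-1", "/var/certs/ca-1.pem"),
    ("ca-2", "/var/certs/ca-2.pem"),
]

# Textbook UNION payload against the toy schema above (an assumption for this
# example, not the request described in the advisory). The trailing "--"
# comments out the closing quote the vulnerable query appends.
INJECTION = "' UNION SELECT '/etc/passwd' --"


def make_db():
    """Build the in-memory table the two lookups below run against."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE certificates (id TEXT PRIMARY KEY, path TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO certificates VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_path_vulnerable(conn, cert_id):
    """CWE-89: the untrusted id is pasted into the SQL text.

    With INJECTION as cert_id the statement becomes
      SELECT path FROM certificates WHERE id = '' UNION SELECT '/etc/passwd' --'
    and the first row is the attacker's path, which a naive handler would then
    open and return. That is how an SQL injection turns into a file read.
    """
    sql = "SELECT path FROM certificates WHERE id = '" + cert_id + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_path_fixed(conn, cert_id):
    """Parameterized query plus a path check on what the database returns."""
    row = conn.execute(
        "SELECT path FROM certificates WHERE id = ?", (cert_id,)
    ).fetchone()
    if row is None:
        return None
    # Defense in depth: only serve files under CERT_DIR, even if the table
    # contents were ever tampered with. normpath keeps this example
    # filesystem-independent; a live service should also resolve symlinks
    # (os.path.realpath) before the comparison.
    path = posixpath.normpath(row[0])
    if posixpath.commonpath([path, CERT_DIR]) != CERT_DIR:
        return None
    return path


def demo():
    """Return both lookups' results for a valid id and for the payload."""
    conn = make_db()
    return {
        "vulnerable_valid": lookup_path_vulnerable(conn, "ca-1"),
        "vulnerable_injected": lookup_path_vulnerable(conn, INJECTION),
        "fixed_valid": lookup_path_fixed(conn, "ca-1"),
        "fixed_injected": lookup_path_fixed(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The parameterized form is the actual fix for CWE-89: the id is bound as a value and can never change the statement's shape. The directory check is a separate, cheap layer that bounds the damage if any other path into the table is ever found, which is the kind of containment a read-permission-only account should be held to.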

Affected Products

At least
FortiSandbox version 4.2.0
FortiSandbox version 4.0.0 through 4.0.2
FortiSandbox version 3.2.0 through 3.2.3
FortiSandbox version 3.0.1 through 3.0.7
FortiSandbox 3.1 all versions

Solutions

Please upgrade to FortiSandbox version 4.2.1 or above
Please upgrade to FortiSandbox version 4.0.3 or above
Please upgrade to FortiSandbox version 3.2.4 or above

Acknowledgement

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.

Timeline

2023-03-21: Initial publication
