CNNVD-202507-2484 Information
CNNVD ID
CNNVD-202507-2484
Related CVE
- CNNVD Published: 2025-07-18
Description (Chinese)
Fortinet FortiSandbox和Fortinet FortiIsolator都是美国飞塔(Fortinet)公司的产品。Fortinet FortiSandbox是一款APT(高级持续性威胁)防护设备。该设备提供双重沙盒技术、动态威胁智能系统、实时控制面板和报告等功能。Fortinet FortiIsolator是一个为浏览器提供远程安全隔离功能的应用。该应用为Fortinet Security Fabric添加了额外的高级威胁防护功能,并保护关键业务数据免受网络上复杂威胁的侵害。来自Web的内容和文件在远程容器中访问,然后将无风险的内容呈现给用户。 Fortinet FortiSandbox和Fortinet FortiIsolator存在代码问题漏洞,该漏洞源于会话过期不足,可能导致远程攻击者继续使用已删除管理员会话。以下产品及版本受到影响:FortiSandbox 4.4.4及之前版本、4.2.6及之前版本、4.0所有版本、3.2所有版本和FortiIsolator 2.4及之前版本、2.3所有版本、2.2所有版本、2.1所有版本、2.0所有版本、1.2所有版本。
Description (English)
Fortinet FortiSandbox and Fortinet FortiIsolator are products of Fortinet. Fortinet FortiSandbox is an APT (Advanced Continuing Threat) protective equipment. The equipment provides dual sandbox technology, dynamic threat intelligence systems, real-time control panels and reporting. Fortinet FortiIsolator is an application that provides long-range safety isolation for browsers. The application added additional advanced threat protection to Fortinet Security Fabric and protected critical operational data from complex threats on the web. Content and files from Web are accessed in remote containers and no risk content is presented to users. Fortinet FortiSandbox and Fortinet FortiIsolator had a code gap, which stemmed from expired sessions and could lead to long-range attackers continuing to use deleted administrator sessions. The following products and versions were affected: FortiSandbox 4.4.4 and earlier, 4.2.6 and earlier, 4.0 and all versions, 3.2 and FortiIsolator 2.4 and earlier, 2.3 and 2.2, 2.1 and 2.0 and 1.2.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
飞塔
Published
2025-07-18
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-035 https://access.redhat.com/security/cve/cve-2024-27779
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-24-035
Share on: