CNNVD-202601-2144 Information
CNNVD ID
CNNVD-202601-2144
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
Fortinet FortiSandbox是美国飞塔(Fortinet)公司的一款APT(高级持续性威胁)防护设备。该设备提供双重沙盒技术、动态威胁智能系统、实时控制面板和报告等功能。 Fortinet FortiSandbox 5.0.0版本至5.0.4版本、4.4所有版本、4.2所有版本和4.0所有版本存在代码问题漏洞,该漏洞源于服务端请求伪造,可能导致经过身份验证的攻击者通过特制HTTP请求代理仅限于纯文本端点的内部请求。
Description (English)
Fortinet FortiSandbox is an APT (Advanced Continuing Threat) protection unit of Fortinet. The equipment provides dual sandbox technology, dynamic threat intelligence systems, real-time control panels and reporting. Fortinet FortiSandbox version 5.0.0 to version 5.0.4, all version 4.4, all version 4.2 and all version 4.0 had a code breach, which originated in a service-end request for forgery, which could lead to a unique HTTP-specific internal request by an identified assailant to be limited to a purely text-based endpoint.
Hazard Level
Critical
Vulnerability Type
代码问题
Affected Vendor
飞塔
Published
2026-01-13
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-783 https://access.redhat.com/security/cve/cve-2025-67685
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-783
Share on: