A critical path traversal vulnerability in Fortinet FortiSandbox allows unauthenticated attackers to escalate privileges and compromise the system.

This is a path traversal flaw residing in the file directory handling logic, which can be triggered by an unauthenticated attacker to manipulate system files and escalate privileges.

With a CVSS score of 9.8, this vulnerability poses an extreme risk to organizational security. Successful exploitation allows an attacker to bypass security boundaries, potentially leading to full system compromise, unauthorized access to sensitive sandbox data, and the ability to execute arbitrary code with elevated privileges.

Immediate Action: Update FortiSandbox to the latest vendor-supplied version immediately to patch the directory traversal flaw.

Proactive Monitoring: Review system access logs for anomalous directory traversal patterns or unexpected file modification attempts targeting internal system directories.

Compensating Controls: Deploy a Web Application Firewall (WAF) or intrusion prevention system (IPS) with rulesets configured to detect and block directory traversal sequences (e.g., ../) in incoming traffic.

Public Exploit Available: Unknown

Given the critical CVSS severity, administrators must prioritize patching affected FortiSandbox appliances. The ability for an unauthenticated attacker to achieve privilege escalation represents a severe threat to the integrity and confidentiality of the entire network segment where the sandbox resides.