VDB
CISA-2024-27778
CISA-2024-27778
PUBLISHED
CVSS 8.3 HIGH
Reported by fortinet · Published January 14, 2025
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
Risk Scores
CVSS 3.1
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiSandbox | 4.4.0, 4.2.1, 4.0.0 |
| Fortinet | FortiSandbox | 4.4.0, 4.0.0, 3.1.0 |
Timeline
- Jan 14, 2025 CVE Published
- Jan 15, 2026 CVE Updated