VDB

CISA-2024-27778

CISA-2024-27778 PUBLISHED CVSS 8.3 HIGH

Reported by fortinet · Published January 14, 2025

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

Risk Scores

CVSS 3.1
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X

Affected Products

VendorProductVersions
FortinetFortiSandbox4.4.0, 4.2.1, 4.0.0
FortinetFortiSandbox4.4.0, 4.0.0, 3.1.0

Timeline

  • Jan 14, 2025 CVE Published
  • Jan 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›