CVE-2024-27778
Published: 14 January 2025
Description
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, and FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
Security Summary
CVE-2024-27778 is an improper neutralization of special elements used in an OS command vulnerability (CWE-78) affecting multiple versions of Fortinet FortiSandbox: 4.4.0 through 4.4.4, 4.2.1 through 4.2.6, 4.0.0 through 4.0.4, all versions of 3.2 and 3.1, and 3.0.5 through 3.0.7. The vulnerability enables execution of unauthorized OS commands through crafted requests. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity: the flaw is reachable over the network, has low attack complexity, needs only low privileges (the read-only account named in the description) and no user interaction, and has high impact on confidentiality, integrity, and availability.
An authenticated attacker with at least read-only permissions can exploit this vulnerability remotely by sending specially crafted requests to the FortiSandbox system. Successful exploitation allows the attacker to execute arbitrary operating system commands, potentially leading to full system compromise, data exfiltration, modification of sandbox configurations, or disruption of malware analysis workflows.
For mitigation details, refer to the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-061, which provides information on patches and recommended actions.
Details
- CWE(s)