CVE-2024-52960
Published: 11 March 2025
Description
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Security Summary
CVE-2024-52960 is a client-side enforcement of server-side security vulnerability (CWE-602) affecting Fortinet FortiSandbox version 5.0.0, versions 4.4.0 through 4.4.6, and all versions before 4.2.7. The issue, published on 2025-03-11, carries a CVSS v3.1 base score of 4.3 (vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N): medium severity, network-accessible, low attack complexity, and low privileges required.
An authenticated attacker with at least read-only permissions can exploit the vulnerability by sending crafted requests, allowing execution of unauthorized commands. This results in an integrity impact without affecting confidentiality or availability, and requires no user interaction.
Mitigation details are available in the Fortinet product security incident response advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-305.
Details
- CWE(s): CWE-602 (Client-Side Enforcement of Server-Side Security)
- Affected Products: Fortinet FortiSandbox 5.0.0, 4.4.0 through 4.4.6, and all versions before 4.2.7
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application), T1059 (Command and Scripting Interpreter)
Why these techniques?
A vulnerability in the network-accessible FortiSandbox application allows an authenticated low-privilege attacker to execute unauthorized commands via crafted requests, which maps directly to T1190 (Exploit Public-Facing Application) for initial access and T1059 (Command and Scripting Interpreter) for command execution.