CVE-2024-54027
Published: 17 March 2025
Description
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Security Summary
CVE-2024-54027 is a Use of Hard-coded Cryptographic Key vulnerability (CWE-321) affecting FortiSandbox 4.4.6 and below, 4.2.7 and below, 4.0.5 and below, 3.2.4 and below, 3.1.5 and below, and 3.0.7 and below. Published on 2025-03-17, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), rated High. The score is driven by high confidentiality, integrity and availability impact combined with a changed scope (the data exposed is not limited to the CLI user's own authorization boundary); the local attack vector and the high-privilege requirement are what keep it out of the Critical band.
Exploitation requires an attacker who already holds a super-admin profile and CLI access on the affected FortiSandbox instance. Such an attacker can use CLI commands to read sensitive data that the appliance protects with a hard-coded cryptographic key; because that key is shared by every copy of the affected firmware rather than being unique to the device, what is recovered on one unit is meaningful across all of them. The high-privilege requirement makes this a post-compromise or insider issue rather than an initial-access one, but it still belongs on the patch list for any FortiSandbox exposed to multiple administrators.
Fortinet's PSIRT advisory FG-IR-24-327, available at https://fortiguard.fortinet.com/psirt/FG-IR-24-327, details recommended mitigations and patches for this issue.
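To show what CWE-321 looks like in code and why it matters, the following is an added example written for this page; it is not FortiSandbox code, and nothing in it describes how the product stores its secrets. `HardcodedKeyStore` bakes one key into the build, so a key recovered from any one appliance (or from the firmware image) opens every deployment's secrets; `PerInstallKeyStore` generates the key on first boot and keeps it in an owner-only file, so a key from appliance A fails authentication on appliance B's data. The cipher is a toy HMAC-SHA256 keystream with an encrypt-then-MAC tag, constructed so the example runs with the standard library alone; the placeholder key, the sample secret and all class and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Toy authenticated encryption built from HMAC-SHA256 (keystream + tag).
# Constructed for this example only; use AES-GCM or similar in real code.
def _derive(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key raises instead of returning garbage."""
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# --- Vulnerable pattern (CWE-321): one key compiled into every shipped build ---
# Constructed placeholder; any constant in source or firmware has the same problem.
HARDCODED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")


class HardcodedKeyStore:
    """Every appliance running this build shares HARDCODED_KEY."""
    def __init__(self) -> None:
        self.key = HARDCODED_KEY

    def protect(self, secret: bytes) -> bytes:
        return seal(self.key, secret)

    def reveal(self, blob: bytes) -> bytes:
        return open_sealed(self.key, blob)


# --- Hardened pattern: per-installation key generated locally on first boot ---
class PerInstallKeyStore:
    """The key never ships in the image and the file is readable only by its owner."""
    def __init__(self, key_path: str) -> None:
        if not os.path.exists(key_path):
            # O_EXCL so a racing process cannot substitute its own key file
            fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "wb") as f:
                f.write(os.urandom(32))
        with open(key_path, "rb") as f:
            self.key = f.read()

    def protect(self, secret: bytes) -> bytes:
        return seal(self.key, secret)

    def reveal(self, blob: bytes) -> bytes:
        return open_sealed(self.key, blob)


SAMPLE_SECRET = b"ldap-bind-password"   # constructed sample, not a real credential


def cross_device_leak_with_hardcoded_key() -> bool:
    """True if a key recovered from appliance A decrypts appliance B's secrets."""
    a, b = HardcodedKeyStore(), HardcodedKeyStore()
    blob_from_b = b.protect(SAMPLE_SECRET)
    return open_sealed(a.key, blob_from_b) == SAMPLE_SECRET


def cross_device_leak_with_per_install_key() -> bool:
    """Same experiment with per-installation keys; expected to be False."""
    with tempfile.TemporaryDirectory() as d:
        a = PerInstallKeyStore(os.path.join(d, "a.key"))
        b = PerInstallKeyStore(os.path.join(d, "b.key"))
        blob_from_b = b.protect(SAMPLE_SECRET)
        assert b.reveal(blob_from_b) == SAMPLE_SECRET   # the owning device still works
        try:
            return open_sealed(a.key, blob_from_b) == SAMPLE_SECRET
        except ValueError:
            return False


if __name__ == "__main__":
    print("hard-coded key, cross-device read:", cross_device_leak_with_hardcoded_key())
    print("per-install key, cross-device read:", cross_device_leak_with_per_install_key())
```

The per-installation key does not stop the attacker this advisory describes, who already has super-admin CLI access on the box and may be able to read the local key file; it limits the blast radius, so that a key pulled out of one unit or out of the firmware image does not unlock every other deployment. For the affected versions themselves, the remediation is the vendor fix referenced in FG-IR-24-327.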
Details
- CWE(s): CWE-321 (Use of Hard-coded Cryptographic Key)
- Affected Products: FortiSandbox 4.4.6 and below, 4.2.7 and below, 4.0.5 and below, 3.2.4 and below, 3.1.5 and below, 3.0.7 and below
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability lets a privileged CLI user read sensitive data that is protected only by a hard-coded cryptographic key, so it maps directly to local data collection from the compromised system and to access to unsecured (insecurely stored) credentials.