PT-2024-3042 · Fortinet · Fortisandbox

Published 2024-04-09 · Updated 2024-12-23 · CVE-2024-21755

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Fortinet FortiSandbox versions 4.0.0 through 4.0.4
Fortinet FortiSandbox versions 4.2.0 through 4.2.6
Fortinet FortiSandbox versions 4.4.0 through 4.4.3

Description

The issue exists due to improper neutralization of special elements used in an OS command, also known as "OS command injection". This allows a remote attacker to execute unauthorized code or commands via crafted requests.

Recommendations

For Fortinet FortiSandbox versions 4.0.0 through 4.0.4, update to a version that fixes the OS command injection issue.
For Fortinet FortiSandbox versions 4.2.0 through 4.2.6, update to a version that fixes the OS command injection issue.
For Fortinet FortiSandbox versions 4.4.0 through 4.4.3, update to a version that fixes the OS command injection issue.

As a temporary workaround, consider restricting access to the vulnerable OS command functionality until a patch is available.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-03226
CVE-2024-21755

Affected Products

Fortisandbox