PT-2024-3044 · Fortinet · FortiSandbox

Published: 2024-04-09 · Updated: 2024-12-23 · CVE-2024-21756

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Fortinet FortiSandbox versions 4.0.0 through 4.0.4
Fortinet FortiSandbox versions 4.2.0 through 4.2.6
Fortinet FortiSandbox versions 4.4.0 through 4.4.3

Description

The issue is an improper neutralization of special elements used in an OS command, also known as 'OS command injection', which allows an attacker to execute unauthorized code or commands via crafted requests. A remote attacker can exploit it to execute arbitrary commands.

Recommendations

For Fortinet FortiSandbox versions 4.0.0 through 4.0.4, update to a version that fixes the OS command injection issue. For Fortinet FortiSandbox versions 4.2.0 through 4.2.6, update to a version that fixes the OS command injection issue. For Fortinet FortiSandbox versions 4.4.0 through 4.4.3, update to a version that fixes the OS command injection issue. As a temporary workaround, consider restricting access to the OS command functionality to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-03228
CVE-2024-21756

Affected Products

FortiSandbox