PT-2025-10772 · Fortinet · FortiSandbox

Published: 2025-03-11 · Updated: 2025-03-13 · CVE-2024-45328

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 4.4.0 through 4.4.6
Description: An incorrect authorization issue may allow a low-privileged administrator to execute elevated CLI commands via the GUI console menu. This could potentially lead to privilege escalation.
Recommendations: For FortiSandbox versions 4.4.0 through 4.4.6, consider restricting access to the GUI console menu to prevent low-privileged administrators from executing elevated CLI commands until a patch is available. As a temporary workaround, limit the privileges of administrators to minimize the risk of exploitation.

Fix

LPE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-02638
CVE-2024-45328

Affected Products

FortiSandbox