PT-2025-10779 · Fortinet · Fortisandbox
Published
2025-03-11
·
Updated
2025-03-13
·
CVE-2024-52961
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiSandbox versions 4.0.0 through 4.0.4
Fortinet FortiSandbox versions 4.2.0 through 4.2.7
Fortinet FortiSandbox versions 4.4.0 through 4.4.7
Fortinet FortiSandbox version 5.0.0
Description:
An improper neutralization of special elements used in an OS Command vulnerability in Fortinet FortiSandbox allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
Recommendations:
For Fortinet FortiSandbox versions 4.0.0 through 4.0.4, update to a version later than 4.0.4 to resolve the issue.
For Fortinet FortiSandbox versions 4.2.0 through 4.2.7, update to a version later than 4.2.7 to resolve the issue.
For Fortinet FortiSandbox versions 4.4.0 through 4.4.7, update to a version later than 4.4.7 to resolve the issue.
For Fortinet FortiSandbox version 5.0.0, update to a version later than 5.0.0 to resolve the issue.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortisandbox