PT-2025-11053 · Fortinet · FortiSandbox

Published: 2025-03-11 · Updated: 2025-03-22 · CVE-2024-54027

CVSS v3.1: 8.2 (High)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiSandbox versions 4.4.6 and below
FortiSandbox versions 4.2.7 and below
FortiSandbox versions 4.0.5 and below
FortiSandbox versions 3.2.4 and below
FortiSandbox versions 3.1.5 and below
FortiSandbox versions 3.0.5 through 3.0.7

Description

The vulnerability is a Use of Hard-coded Cryptographic Key weakness. It may allow a privileged attacker with a super-admin profile and CLI access to read sensitive data via the command-line interface, potentially gaining unauthorized access to protected information.

Recommendations

For FortiSandbox versions 4.4.6 and below, update to a version above 4.4.6.
For FortiSandbox versions 4.2.7 and below, update to a version above 4.2.7.
For FortiSandbox versions 4.0.5 and below, update to a version above 4.0.5.
For FortiSandbox versions 3.2.4 and below, update to a version above 3.2.4.
For FortiSandbox versions 3.1.5 and below, update to a version above 3.1.5.
For FortiSandbox versions 3.0.5 through 3.0.7, update to a version above 3.0.7.

As a temporary workaround, consider restricting CLI access to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

BDU:2025-02636
CVE-2024-54027

Affected Products

FortiSandbox