CVE-2024-27778

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 4.4.0 through 4.4.4 Fortinet FortiSandbox versions 4.2.0 through 4.2.6 Fortinet FortiSandbox versions prior to 4.0.4

Description The issue is related to an improper neutralization of special elements used in an OS Command, allowing an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. This can be exploited by a remote attacker to execute arbitrary commands using specially crafted requests.

Recommendations For Fortinet FortiSandbox versions 4.4.0 through 4.4.4, update to a version outside of this range to mitigate the risk. For Fortinet FortiSandbox versions 4.2.0 through 4.2.6, update to a version outside of this range to mitigate the risk. For Fortinet FortiSandbox versions prior to 4.0.4, update to version 4.0.4 or later to mitigate the risk. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.