Main Vulnerability Database Vulnerabilities #VU107353

OS Command Injection in FortiSandbox - CVE-2024-27778

Published: April 10, 2025

Vulnerability identifier: #VU107353

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-27778

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiSandbox

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The vulnerability exists due to improper neutralization of special elements used in an os command ('os command injection'). An authenticated attacker with at least read-only permission can execute unauthorized commands via crafted requests.

How to mitigate CVE-2024-27778

Install update from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-24-061

OS Command Injection in FortiSandbox - CVE-2024-27778

Detailed vulnerability description

How to mitigate CVE-2024-27778

Sources

Please verify you're human