CVE-2024-21755
Published 2024-04-09. CVE-2024-21755: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3…
Priority: P2 (64) · Severity: High · CVSS 3.1 base score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.48% (82.6th percentile)
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, and FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortisandbox | — | — |
| fortinet | fortisandbox | >= 4.0.0 < 4.0.5 | 4.0.5 |
| fortinet | fortisandbox | 4.0.0 – 4.0.4 | — |
| fortinet | fortisandbox | >= 4.2.0 < 4.2.7 | 4.2.7 |
| fortinet | fortisandbox | 4.2.1 – 4.2.6 | — |
| fortinet | fortisandbox | >= 4.4.0 < 4.4.4 | 4.4.4 |
| fortinet | fortisandbox | 4.4.0 – 4.4.3 | — |
Detection & IOCs (extracted from sources)
- Target product is Fortinet FortiSandbox; monitor for crafted requests to FortiSandbox endpoints that may contain OS command injection payloads (special elements used in OS commands).
- The vulnerability is specifically on a FortiSandbox endpoint (CWE-78 OS command injection); inspect HTTP requests to FortiSandbox management/API interfaces for shell metacharacters or injection sequences.
- Affected versions are FortiSandbox 4.4.0–4.4.3, 4.2.1–4.2.6, and 4.0.0–4.0.4; scope detection rules to these version ranges and update them when patched versions (4.4.4, 4.2.7, 4.0.5) are deployed.
- The vendor advisory covers two CVEs (CVE-2024-21755 and CVE-2024-21756) under the same FG-IR-23-489 identifier; detections should account for both vulnerabilities sharing the same CWE-78 class and affected product surface.
- The CVSS score is 8.8 (High) with a network attack vector and PR:L, i.e. exploitation requires an authenticated session; prioritize detection on authenticated sessions to FortiSandbox endpoints.
Fortinet
OS command injection on endpoint
vendor_fortinet · 2024-04-09 · CVSS 8.8
CVE-2024-21755 [HIGH] CWE-78 OS command injection on endpoint
FG-IR-23-489: OS command injection on endpoint
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, and FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests.
CVEs: CVE-2024-21755, CVE-2024-21756
CWEs: CWE-78
CVSS: 8.8 (high)
Affected products: FortiSandbox, Fortinet
GHSA
GHSA-hm5j-36v4-g9h6: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSandbox version 4
ghsa_unreviewed · 2024-04-09
CVE-2024-21755 [HIGH] CWE-78 GHSA-hm5j-36v4-g9h6: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSandbox version 4
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3, 4.2.0 through 4.2.6, and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-04-09