CVE-2024-21756
published 2024-04-09


Priority: P2 (64)
Severity: high, 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.18% (80.1th percentile)
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests.

Affected

9 ranges

Vendor     Product        Version range        Fixed in
fortinet   fortinet
fortinet   fortisandbox
fortinet   fortisandbox   >= 4.0.0 < 4.0.5     4.0.5
fortinet   fortisandbox   4.0.0 – 4.0.4
fortinet   fortisandbox   >= 4.2.0 < 4.2.7     4.2.7
fortinet   fortisandbox   4.2.1 – 4.2.6
fortinet   fortisandbox   >= 4.4.0 < 4.4.4     4.4.4
fortinet   fortisandbox   4.4.0 – 4.4.3
google     chrome_chrome

Detection & IOCs (extracted from sources)

  • Target product is Fortinet FortiSandbox; look for crafted HTTP requests to FortiSandbox endpoints that carry OS command injection payloads (shell metacharacters) in request parameters.
  • Vulnerability class is OS command injection (CWE-78) on a FortiSandbox endpoint; monitor for anomalous process spawning from FortiSandbox web/API service processes, especially shell child processes.
  • Affected versions are FortiSandbox 4.4.0–4.4.3, 4.2.1–4.2.6, and 4.0.0–4.0.4. Ensure detection and patching scope covers all three affected branches.
  • The Fortinet advisory FG-IR-23-489 covers two CVEs (CVE-2024-21755 and CVE-2024-21756); both relate to OS command injection on FortiSandbox endpoints and should be treated together for patching and detection purposes.

CVSS provenance

Source   Version   Score   Severity   Vector
NVD      v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
OSV                7.8     HIGH