CVE-2024-27778
published 2025-01-14


Priority: P2 · 59 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.55% (41.6th percentile)
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, and FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

Affected (11 ranges)

Vendor     Product        Version range         Fixed in
fortinet   fortinet       (not specified)       -
fortinet   fortisandbox   (not specified)       -
fortinet   fortisandbox   >= 3.0.5 < 4.0.5      4.0.5
fortinet   fortisandbox   3.0.5 - 3.0.7         -
fortinet   fortisandbox   3.1.0 - 3.1.5         -
fortinet   fortisandbox   3.2.0 - 3.2.4         -
fortinet   fortisandbox   4.0.0 - 4.0.4         -
fortinet   fortisandbox   >= 4.2.0 < 4.2.7      4.2.7
fortinet   fortisandbox   4.2.1 - 4.2.6         -
fortinet   fortisandbox   >= 4.4.0 < 4.4.5      4.4.5
fortinet   fortisandbox   4.4.0 - 4.4.4         -

Detection & IOCs (extracted from sources)

  • Authenticated OS command injection via crafted HTTP requests; monitor for unexpected OS command execution originating from FortiSandbox web/API processes by low-privileged (read-only) accounts
  • Classify as CWE-78 (OS Command Injection); look for special shell metacharacters injected into FortiSandbox request parameters
  • Affected versions span multiple FortiSandbox branches; ensure version checks cover all listed ranges before concluding a device is patched
  • Exploitation requires authentication with at least read-only privilege; access controls alone are insufficient mitigation — patch is required