CVE-2024-27778
Published 2025-01-14

CVE-2024-27778: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4…

Priority: P2 (59) · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.6th percentile)
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortisandbox | — | — |
| fortinet | fortisandbox | >= 3.0.5 < 4.0.5 | 4.0.5 |
| fortinet | fortisandbox | 3.0.5 – 3.0.7 | — |
| fortinet | fortisandbox | 3.1.0 – 3.1.5 | — |
| fortinet | fortisandbox | 3.2.0 – 3.2.4 | — |
| fortinet | fortisandbox | 4.0.0 – 4.0.4 | — |
| fortinet | fortisandbox | >= 4.2.0 < 4.2.7 | 4.2.7 |
| fortinet | fortisandbox | 4.2.1 – 4.2.6 | — |
| fortinet | fortisandbox | >= 4.4.0 < 4.4.5 | 4.4.5 |
| fortinet | fortisandbox | 4.4.0 – 4.4.4 | — |
Detection & IOCs (extracted from sources)
- Authenticated OS command injection via crafted HTTP requests; monitor for unexpected OS command execution originating from FortiSandbox web/API processes by low-privileged (read-only) accounts
- Classify as CWE-78 (OS Command Injection); look for special shell metacharacters injected into FortiSandbox request parameters
- Affected versions span multiple FortiSandbox branches; ensure version checks cover all listed ranges before concluding a device is patched
- Exploitation requires authentication with at least read-only privilege; access controls alone are insufficient mitigation — patch is required
GHSA
GHSA-q35w-cr5p-7qc3 (unreviewed) · 2025-01-14 · CVE-2024-27778 · HIGH · CWE-78
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
Fortinet (vendor advisory)
FG-IR-24-061: OS command injection · 2025-01-14 · CVE-2024-27778 · HIGH · CWE-78 · CVSS 8.8
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
CVEs: CVE-2024-27778
CWEs: CWE-78
CVSS: 8.8 (high)
Affected products: FortiSandbox, Fortinet
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-01-14