CVE-2024-52960

CWE-6024 documents4 sources
Severity
8.8HIGH
EPSS
0.1%
top 67.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisandbox
Timeline
PublishedMar 11

Description

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDfortinet/fortisandbox3.0.04.2.8+2
CVEListV5fortinet/fortisandbox4.4.04.4.6+6

🔴Vulnerability Details

2
CVEList
CVE-2024-52960: A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 52025-03-11
GHSA
GHSA-743h-33qg-wchq: A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 52025-03-11

📋Vendor Advisories

1
Fortinet
Client-side enforcement of server-side security related to vm download feature2025-03-11
CVE-2024-52960 (HIGH CVSS 8.8) | A client-side enforcement of server | cvebase.io