CVE-2024-52961

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 63.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisandbox
Timeline
PublishedMar 11

Description

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortisandbox3.0.04.0.6+3
CVEListV5fortinet/fortisandbox4.4.04.4.6+6

🔴Vulnerability Details

2
GHSA
GHSA-mvc2-5crr-f7g7: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 52025-03-11
CVEList
CVE-2024-52961: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 52025-03-11

📋Vendor Advisories

1
Fortinet
Os command injection on vm download feature2025-03-11
CVE-2024-52961 (HIGH CVSS 8.8) | An improper neutralization of speci | cvebase.io