CVE-2024-54018

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

0.2%

top 63.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisandbox

Timeline

PublishedMar 11

Description

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortisandbox3.2.0 — 4.4.6

▶CVEListV5fortinet/fortisandbox4.4.0 — 4.4.4+3

🔴Vulnerability Details

CVEList

CVE-2024-54018: Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4↗2025-03-11

▶

GHSA

GHSA-j2cq-g9qm-4pcv: Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4↗2025-03-11

▶

📋Vendor Advisories

Fortinet

OS Command Injection in administrative interface↗2025-03-11

▶