CVE-2024-54027

CWE-3214 documents4 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 92.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisandbox
Timeline
PublishedMar 17

Description

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

NVDfortinet/fortisandbox3.0.54.0.6+3
CVEListV5fortinet/fortisandbox4.4.04.4.6+6

🔴Vulnerability Details

2
CVEList
CVE-2024-54027: A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 42025-03-17
GHSA
GHSA-qcqx-4h2x-x43j: A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 42025-03-17

📋Vendor Advisories

1
Fortinet
Use of hardcoded key used for remote backup server password encryption2025-03-17
CVE-2024-54027 (MEDIUM CVSS 4.4) | A Use of Hard-coded Cryptographic K | cvebase.io