Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2024-20429)

2024-04-1900:00:00

China National Vulnerability Database

www.cnvd.org.cn

fortinet

fortisandbox

command injection

vulnerability

apt

threat intelligence

operating system

exploitation

cli

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from an operating system command injection vulnerability that stems from the presence of an operating system command injection vulnerability that can be exploited by an attacker to execute unauthorized code or commands via the CLI.

CPENameOperatorVersion
fortinet fortisandbox >=3.2.0，le3.2.4
fortinet fortisandbox >=4.0.0，le4.0.5
fortinet fortisandbox >=4.2.0，le4.2.6
fortinet fortisandbox >=3.0.5，le3.0.7
fortinet fortisandbox >=4.4.0，le4.4.2

Name	Operator	Version
fortinet fortisandbox >=3.2.0，	le	3.2.4
fortinet fortisandbox >=4.0.0，	le	4.0.5
fortinet fortisandbox >=4.2.0，	le	4.2.6
fortinet fortisandbox >=3.0.5，	le	3.0.7
fortinet fortisandbox >=4.4.0，	le	4.4.2