CVE-2024-27778
Published: 14 January 2025
Summary
CVE-2024-27778 is a high-severity OS Command Injection (CWE-78) vulnerability in Fortinet Fortisandbox. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 33.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of information inputs, directly addressing the improper neutralization of special elements that enables OS command injection via crafted requests.
SI-2 mandates timely identification, reporting, and correction of flaws, enabling patching of this specific command injection vulnerability as recommended in the Fortinet advisory.
AC-3 enforces approved authorizations for access to system resources, mitigating unauthorized OS command execution even for read-only authenticated users.
NVD Description
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7…
more
allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
Deeper analysisAI
CVE-2024-27778 is an improper neutralization of special elements used in an OS command vulnerability (CWE-78) affecting multiple versions of Fortinet FortiSandbox, including 4.4.0 through 4.4.4, 4.2.1 through 4.2.6, 4.0.0 through 4.0.4, all versions of 3.2 and 3.1, and 3.0.5 through 3.0.7. The vulnerability enables execution of unauthorized commands through crafted requests. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
An authenticated attacker with at least read-only permissions can exploit this vulnerability remotely by sending specially crafted requests to the FortiSandbox system. Successful exploitation allows the attacker to execute arbitrary operating system commands, potentially leading to full system compromise, data exfiltration, modification of sandbox configurations, or disruption of malware analysis workflows.
For mitigation details, refer to the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-061, which provides information on patches and recommended actions.
Details
- CWE(s)