CVE-2024-27781
Published: 11 February 2025
Summary
CVE-2024-27781 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Fortinet Fortisandbox. Its CVSS base score is 7.1 (High).
Operationally, ranked in the top 8.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 mandates information input validation, directly addressing the improper neutralization of input during web page generation that enables this XSS vulnerability in FortiSandbox.
SI-15 requires information output filtering, preventing the injection of malicious scripts into generated web pages viewed by authenticated users exploiting this CVE.
SI-2 ensures timely flaw remediation through patching, directly mitigating this specific XSS vulnerability as recommended in the Fortinet advisory.
NVD Description
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an…
more
authenticated attacker to execute unauthorized code or commands via crafted HTTP requests.
Deeper analysisAI
CVE-2024-27781 is a cross-site scripting (XSS) vulnerability stemming from improper neutralization of input during web page generation, classified under CWE-79. It affects multiple versions of Fortinet FortiSandbox, specifically 4.4.0 through 4.4.4, 4.2.1 through 4.2.6, 4.0.0 through 4.0.4, as well as all versions of 3.2, 3.1, and 3.0. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts under certain conditions.
An authenticated attacker with low privileges can exploit this vulnerability by sending crafted HTTP requests, potentially leading to the execution of unauthorized code or commands. Exploitation requires network access, high attack complexity, and user interaction, making it feasible in scenarios where a legitimate user with access to the FortiSandbox management interface is tricked into interacting with malicious content.
For mitigation details, refer to the Fortinet advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-063, which provides guidance on patches and workarounds for affected versions.
Details
- CWE(s)