CVE-2024-52960
Published: 11 March 2025
Summary
CVE-2024-52960 is a medium-severity Client-Side Enforcement of Server-Side Security (CWE-602) vulnerability in Fortinet FortiSandbox. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks in the top 47.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-3 mandates server-side enforcement of access control policies, directly mitigating the client-side enforcement failure that allows read-only users to execute unauthorized commands via crafted requests.
SI-10 requires validation and sanitization of all inputs, preventing exploitation through crafted requests that bypass client-side security checks.
AC-6 enforces least privilege, limiting the impact by ensuring read-only permissions do not allow command execution even if enforcement is bypassed.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A vulnerability in the network-accessible FortiSandbox application allows an authenticated, low-privilege attacker to execute unauthorized commands via crafted requests, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059 (Command and Scripting Interpreter) for command execution.
NVD Description
A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
Deeper analysis
CVE-2024-52960 is a client-side enforcement of server-side security vulnerability, classified as CWE-602, affecting Fortinet FortiSandbox in version 5.0.0, versions 4.4.0 through 4.4.6, and all versions before 4.2.7. The issue, published on 2025-03-11, carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, and low privileges required.
An authenticated attacker with at least read-only permissions can exploit the vulnerability by sending crafted requests, allowing execution of unauthorized commands. This results in an integrity impact without affecting confidentiality or availability, and requires no user interaction.
Mitigation details are available in the Fortinet product security incident response advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-305.
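The CWE-602 pattern behind this advisory, and the AC-3 / SI-10 controls listed above, as an added illustration that is not FortiSandbox code and assumes nothing about its internals: a minimal request handler that trusts a client-supplied role flag, beside a hardened version that takes permissions only from the server-side session. The session store, request shape and action names are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed server-side session store: session id -> user and permission set.
SESSIONS = {
    "sess-ro": {"user": "auditor", "perms": {"read"}},
    "sess-admin": {"user": "admin", "perms": {"read", "execute"}},
}

# Hypothetical request: the action the client asks for plus a JSON-like body.
@dataclass
class Request:
    session_id: str
    action: str                       # "view" or "run_command"
    body: dict = field(default_factory=dict)


def handle_vulnerable(req: Request) -> str:
    """CWE-602: the UI hides the command button from read-only users, but the
    server decides based on a 'role' field the client itself supplies. A crafted
    request from a read-only session can therefore set it and pass the check."""
    if req.action == "run_command":
        if req.body.get("role") == "admin":
            return f"executed: {req.body.get('cmd')}"
        return "denied"
    return "ok"


def handle_hardened(req: Request) -> str:
    """AC-3: authorization comes from the server-side session, never from the
    request body. SI-10: the requested action is validated against an allow-list
    before anything else is considered."""
    session = SESSIONS.get(req.session_id)
    if session is None:
        return "denied"                   # unauthenticated or expired session
    if req.action not in {"view", "run_command"}:
        return "denied"                   # unknown action, reject rather than guess
    if req.action == "run_command":
        if "execute" not in session["perms"]:
            return "denied"               # read-only user: enforced server-side
        return f"executed: {req.body.get('cmd')}"
    return "ok"
```

The same crafted request succeeds against the first handler and is refused by the second, which is the behavioural difference AC-3 requires.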
Details
- CWE(s)