Cyber Posture

CVE-2024-54018

Severity: High · Type: RCE

Published: 11 March 2025
Modified: 23 July 2025
CISA KEV: not listed
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0225 (84.7th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-54018 is a high-severity OS Command Injection (CWE-78) vulnerability in Fortinet FortiSandbox. Its CVSS v3.1 base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 15.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- SI-10 (Information Input Validation), prevent: Directly mitigates CWE-78 command injection by requiring information input validation and sanitization at the points where crafted requests are passed to OS commands.

- SI-2 (Flaw Remediation), prevent: Mitigates the specific flaw in FortiSandbox before 4.4.5 by requiring timely flaw remediation through vendor-recommended upgrades.

- prevent: Reduces the impact of unauthorized command execution by enforcing least privilege on the high-privilege accounts an attacker would need to use.

MITRE ATT&CK Enterprise Techniques

T1059.004 Unix Shell (tactic: Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The CVE describes OS command injection (CWE-78) allowing a privileged attacker to execute arbitrary commands via crafted requests due to unsanitized inputs passed to the OS, directly enabling Unix Shell execution on the Linux-based FortiSandbox appliance.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.

Deeper analysis

CVE-2024-54018 consists of multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in FortiSandbox versions before 4.4.5. These flaws allow a privileged attacker to execute unauthorized commands via crafted requests, stemming from inadequate sanitization of inputs that are passed to underlying operating system commands.

The vulnerability has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low attack complexity, but requires high privileges. A suitably privileged attacker, such as an administrator with access to the system, can craft malicious requests to inject and execute arbitrary OS commands, potentially achieving high impacts on confidentiality, integrity, and availability, including full system compromise.

Fortinet's PSIRT advisory (FG-IR-24-110) details the vulnerabilities and recommends upgrading to FortiSandbox 4.4.5 or later to mitigate the issues, as all prior versions are affected.

Details

CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command)

Affected Products: fortinet / fortisandbox, versions 3.2.0 to 4.4.6

CVEs Like This One

- CVE-2025-53949 (same product: Fortinet FortiSandbox)
- CVE-2026-39808 (same product: Fortinet FortiSandbox)
- CVE-2024-52961 (same product: Fortinet FortiSandbox)
- CVE-2024-27778 (same product: Fortinet FortiSandbox)
- CVE-2024-54027 (same product: Fortinet FortiSandbox)
- CVE-2026-39813 (same product: Fortinet FortiSandbox)
- CVE-2024-55590 (same vendor: Fortinet)
- CVE-2024-52960 (same product: Fortinet FortiSandbox)
- CVE-2024-45328 (same product: Fortinet FortiSandbox)
- CVE-2024-27781 (same product: Fortinet FortiSandbox)

References