Cyber Resilience

CVE-2024-54027

Severity: High
Published: 17 March 2025
Modified: 24 July 2025
KEV added: not listed
Patch: available (see Fortinet advisory FG-IR-24-327)
CVSS v3.1 score: 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0008 (22.8th percentile)
Risk priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-54027 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Fortinet FortiSandbox. Its CVSS v3.1 base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). Its EPSS ranking places it at the 22.8th percentile by exploit likelihood, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SC-12 (Cryptographic Key Establishment and Management).

Deeper analysis

CVE-2024-54027 is a Use of Hard-coded Cryptographic Key vulnerability (CWE-321) affecting multiple FortiSandbox versions: 4.4.6 and below, 4.2.7 and below, 4.0.5 and below, 3.2.4 and below, 3.1.5 and below, and 3.0.5 through 3.0.7. Published on 2025-03-17, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The high severity reflects the full confidentiality, integrity, and availability impact combined with a changed scope, even though exploitation requires local access and high privileges.

The vulnerability can be exploited by a privileged attacker who possesses a super-admin profile and CLI access to the affected FortiSandbox instance. Such an attacker may read sensitive data via CLI commands, potentially exposing cryptographic keys or other confidential information stored or processed by the system.

Fortinet's PSIRT advisory FG-IR-24-327, available at https://fortiguard.fortinet.com/psirt/FG-IR-24-327, details recommended mitigations and patches for this issue.


Vulnerability details

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI.

CWE(s): CWE-321 Use of Hard-coded Cryptographic Key

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The vulnerability lets a privileged CLI user read sensitive data, including hard-coded cryptographic keys, which maps directly to local data collection (T1005) and access to unsecured credentials (T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

Other CVEs affecting the same product (Fortinet FortiSandbox): CVE-2025-53949, CVE-2024-54018, CVE-2024-45328, CVE-2024-52961, CVE-2026-39813, CVE-2026-39808, CVE-2024-27781, CVE-2024-52960, CVE-2025-52436, CVE-2024-27778.

Affected Assets

Vendor: Fortinet
Product: FortiSandbox
Versions: 5.0.0; 3.0.5 to 4.0.6; 4.2.0 to 4.2.8; 4.4.0 to 4.4.7

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SC-12 Cryptographic Key Establishment and Management (prevent): Requires proper key management processes that prohibit hard-coding keys, directly preventing CWE-321 vulnerabilities like this one in FortiSandbox.

SI-2 Flaw Remediation (prevent): Mandates timely remediation through patching, directly addressing the hard-coded key vulnerability as recommended in Fortinet's advisory.

AC-6 Least Privilege (prevent): Enforces least privilege to limit the super-admin profiles and CLI access that exploitation by a privileged attacker requires.
