CVE-2024-54027
Published: 17 March 2025
Summary
CVE-2024-54027 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Fortinet FortiSandbox. Its CVSS base score is 8.2 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 22.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SC-12 (Cryptographic Key Establishment and Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SC-12 (Cryptographic Key Establishment and Management): requires key management processes that prohibit hard-coding keys, directly preventing CWE-321 weaknesses such as this one in FortiSandbox.
- SI-2 (Flaw Remediation): mandates timely remediation through patching, directly addressing the hard-coded key vulnerability as recommended in Fortinet's advisory.
- AC-6 (Least Privilege): limits super-admin profiles and CLI access, both of which are required for exploitation by a privileged attacker.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
- The vulnerability allows privileged CLI access to read sensitive data and hard-coded cryptographic keys, directly enabling local data collection and unsecured credential access.
NVD Description
A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI.
Deeper analysis
CVE-2024-54027 is a Use of Hard-coded Cryptographic Key vulnerability (CWE-321) affecting FortiSandbox in multiple versions, including 4.4.6 and below, 4.2.7 and below, 4.0.5 and below, 3.2.4 and below, 3.1.5 and below, and 3.0.7 through 3.0.5. Published on 2025-03-17, it has a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts with a changed scope.
The vulnerability can be exploited by a privileged attacker who possesses a super-admin profile and CLI access to the affected FortiSandbox instance. Such an attacker may read sensitive data via CLI commands, potentially exposing cryptographic keys or other confidential information stored or processed by the system.
Fortinet's PSIRT advisory FG-IR-24-327, available at https://fortiguard.fortinet.com/psirt/FG-IR-24-327, details recommended mitigations and patches for this issue.
Details
- CWE(s)