CVE-2024-21755

Summary

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox4.4.0 <= 4.4.3affected
FortinetFortiSandbox4.2.1 <= 4.2.6affected
FortinetFortiSandbox4.0.0 <= 4.0.4affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References