Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-q35w-cr5p-7qc3

Опубликовано: 14 янв. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 8.8

Описание

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

Ссылки

EPSS

Процентиль: 55%
0.00324
Низкий

8.8 High

CVSS3

CVE ID

CVE-2024-27778

Дефекты

CWE-78

Связанные уязвимости

nvd логотип

CVE-2024-27778

CVSS3: 8.8
nvd
около 1 года назад

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

fstec логотип

BDU:2025-00474

CVSS3: 8.8
fstec
около 1 года назад

Уязвимость графического интерфейса системы выявления и устранения угроз FortiSandbox, позволяющая нарушителю выполнять произвольные команды

EPSS

Процентиль: 55%
0.00324
Низкий

8.8 High

CVSS3

CVE ID

CVE-2024-27778

Дефекты

CWE-78