CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54027
https://notcve.org/view.php?id=CVE-2024-54027
17 Mar 2025 — A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI. • https://fortiguard.fortinet.com/psirt/FG-IR-24-327 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-52960
https://notcve.org/view.php?id=CVE-2024-52960
11 Mar 2025 — A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthor... • https://fortiguard.fortinet.com/psirt/FG-IR-24-305 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-52961
https://notcve.org/view.php?id=CVE-2024-52961
11 Mar 2025 — An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-306 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •