Client-Side Enforcement Vulnerability in Fortinet FortiSandbox Products
CVE-2024-52960

4.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortisandbox
Vendor: CVE Published:; 11 March 2025

Summary

A threat exists in Fortinet's FortiSandbox where an authenticated attacker with read-only permissions can exploit a client-side enforcement of server-side security vulnerability. This issue allows the execution of unauthorized commands through specifically crafted requests, potentially compromising the integrity of the system.

Affected Version(s)

FortiSandbox 5.0.0

FortiSandbox 4.4.0 <= 4.4.6

FortiSandbox 4.2.0 <= 4.2.7

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-305

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Nov 18, 2024