Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-21756


A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..


Published

2024-04-09T15:15:31.173

Last Modified

2024-12-23T15:02:00.357

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-78

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application fortinet fortisandbox < 4.0.5 Yes
Application fortinet fortisandbox < 4.2.7 Yes
Application fortinet fortisandbox < 4.4.4 Yes

References