Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-54027

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI.

Published

2025-03-17T14:15:19.613

Last Modified

2025-07-24T20:17:55.730

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Primary
CWE-321

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortisandbox	< 4.0.6	Yes
Application	fortinet	fortisandbox	< 4.2.8	Yes
Application	fortinet	fortisandbox	< 4.4.7	Yes
Application	fortinet	fortisandbox	5.0.0	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-327 Vendor Advisory ([email protected])