A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests
The vulnerability involves improper neutralization of special characters used in operating system commands (CWE-78). An attacker can send a specially crafted HTTP request containing malicious elements that are not properly filtered before being passed to the system command interpreter. Since the exploit does not require authentication or user interaction, the attack can be carried out remotely over the network without any prerequisites.
An attacker can execute arbitrary operating system commands on the device or cloud instance, which in practice may result in complete system takeover, data breach, configuration modification, or service disruption.
Apply patches available from the vendor according to references (https://fortiguard.fortinet.com/psirt/FG-IR-26-141). Until patches are deployed, it is recommended to restrict access to the HTTP/HTTPS interface of FortiSandbox devices exclusively to trusted IP addresses and monitor network traffic for anomalous HTTP requests.
Fortinet FortiSandbox 5.0.0–5.0.5, FortiSandbox 4.4.0–4.4.8, FortiSandbox 4.2 (all versions), FortiSandbox Cloud 5.0.4–5.0.5, FortiSandbox PaaS 5.0.4–5.0.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortisandbox
APPFortinet4.2.0 – 4.2.84.4.0 – 4.4.9 (bez)5.0.0 – 5.0.6 (bez)Fortinet Fortisandbox Cloud
APPFortinet5.0.4 – 5.0.6 (bez)Fortinet Fortisandbox Paas
APPFortinet5.0.4 – 5.0.6 (bez)
Related vulnerabilities
Brak autoryzacji w Fortinet FortiSandbox umożliwia zdalne wykonanie kodu
Command Injection w Fortinet FortiSandbox umożliwiający RCE
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 ...
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in...
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79]...