FortiSandbox - Command injection impacting CLI command

April 9, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.

access admin arbitrary code attacker cli code command command injection cwe injection may os command privileged profile special super vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 4 days, 15 hours ago | fortiguard.fortinet.com

attacker cwe disclaimer may +8

Exposure of password hashes to read-only admin 4 days, 15 hours ago | fortiguard.fortinet.com

admin control cwe data +11

Double free with double usage of json_object_put 4 days, 15 hours ago | fortiguard.fortinet.com

attacker code commands cwe +9

Format String Bug in cli command 4 days, 15 hours ago | fortiguard.fortinet.com

amp arbitrary code arbitrary code execution attacker +19

Client IP relies on X-Forwarded-For and other headers 4 days, 15 hours ago | fortiguard.fortinet.com

attack bypass client cwe +10

Buffer overflow in administrative interface 4 days, 15 hours ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +13

Code injection in playbook code snippet step 4 days, 15 hours ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +7

Client-side enforcement of server-side security related to customer reports features 4 days, 15 hours ago | fortiguard.fortinet.com

access account attacker client +16

HTTP/2 CONTINUATION Frames Vulnerability 4 days, 15 hours ago | fortiguard.fortinet.com

attack can connection crash +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States

View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France

View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom

View on infosec-jobs.com

all InfoSec news

FortiSandbox - Command injection impacting CLI command

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

Infrastructure Consultant