FortiSandbox - OS command injection on endpoint

April 9, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

attacker command command injection cwe endpoint injection may os command permission requests special unauthorized vulnerabilities

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 2 weeks, 5 days ago | fortiguard.fortinet.com

attacker cwe disclaimer may +8

Exposure of password hashes to read-only admin 2 weeks, 5 days ago | fortiguard.fortinet.com

admin control cwe data +11

Double free with double usage of json_object_put 2 weeks, 5 days ago | fortiguard.fortinet.com

attacker code commands cwe +9

Format String Bug in cli command 2 weeks, 5 days ago | fortiguard.fortinet.com

amp arbitrary code arbitrary code execution attacker +19

Client IP relies on X-Forwarded-For and other headers 2 weeks, 5 days ago | fortiguard.fortinet.com

attack bypass client cwe +10

Buffer overflow in administrative interface 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +13

Code injection in playbook code snippet step 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +7

Client-side enforcement of server-side security related to customer reports features 2 weeks, 5 days ago | fortiguard.fortinet.com

access account attacker client +16

HTTP/2 CONTINUATION Frames Vulnerability 2 weeks, 5 days ago | fortiguard.fortinet.com

attack can connection crash +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com

all InfoSec news

FortiSandbox - OS command injection on endpoint

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

CyberSOC Technical Lead

Cyber Security Strategy Consultant

Cyber Security Senior Consultant

Sr. Product Manager

Security Compliance Strategist

Cloud Security Architect, Lead