FortiSandbox - Command injection impacting CLI command

April 9, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.

access admin arbitrary code attacker cli code command command injection cwe injection may os command privileged profile special super vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 3 weeks, 1 day ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 3 weeks, 1 day ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 3 weeks, 1 day ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 3 weeks, 1 day ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 3 weeks, 1 day ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Senior Software Engineer, Security

@ Niantic | Zürich, Switzerland

View on infosec-jobs.com

Consultant expert en sécurité des systèmes industriels (H/F)

@ Devoteam | Levallois-Perret, France

View on infosec-jobs.com

Cybersecurity Analyst

@ Bally's | Providence, Rhode Island, United States

View on infosec-jobs.com

Digital Trust Cyber Defense Executive

@ KPMG India | Gurgaon, Haryana, India

View on infosec-jobs.com

Program Manager - Cybersecurity Assessment Services

@ TestPros | Remote (and DMV), DC

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiSandbox - Command injection impacting CLI command

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Social Engineer For Reverse Engineering Exploit Study

Senior Software Engineer, Security

Consultant expert en sécurité des systèmes industriels (H/F)

Cybersecurity Analyst

Digital Trust Cyber Defense Executive

Program Manager - Cybersecurity Assessment Services