CVE-2024-45328

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
fortinetCNA
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
fortinetfortisandbox
4.4.0 ≤
𝑥
< 4.4.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-261