Fortinet Addresses Multiple Vulnerabilities in FortiSandbox, FortiOS, & Other Products

Published On: March 15, 2025


Fortinet has released a comprehensive security update addressing numerous vulnerabilities across its product portfolio, with particularly significant issues identified in FortiSandbox, FortiOS, and several other enterprise security solutions. 

These vulnerabilities range from medium to high severity and could potentially allow attackers to execute unauthorized commands, access sensitive information, or bypass security controls in affected deployments. 

The patches come as part of Fortinet’s ongoing security maintenance coordinated through their Product Security Incident Response Team (PSIRT).

FortiSandbox Vulnerabilities

OS Command Injection Vulnerability – CVE-2024-52961

FortiSandbox, Fortinet’s advanced threat detection solution, has been found to contain several concerning security flaws. 

Among the most severe is CVE-2024-52961, a high-severity OS command injection vulnerability affecting FortiSandbox versions 5.0.0 through 4.4.3. 

This improper neutralization of special elements used in OS commands (CWE-78) could allow attackers to execute arbitrary commands through the virtual machine download feature. 

The vulnerability represents a significant security risk as it could potentially lead to unauthorized system access or control.

| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiSandbox 5.0.0, 4.4.0-4.4.6, 4.2.0-4.2.7, 4.0.0-4.0.5, and all 3.x versions |
| Impact | Execution of unauthorized commands |
| Exploit Prerequisites | Authentication with at least read-only permission |
| CVSS 3.1 Score | Not specified (High severity) |

Incorrect Authorization Vulnerability – CVE-2024-45328

FortiSandbox also suffers from CVE-2024-45328, a high-severity incorrect authorization vulnerability (CWE-863) that could allow low-privileged users to gain unauthorized access to administrative functions in the GUI console. This vulnerability affects multiple versions, including 4.4.6 through 4.2.0.

| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiSandbox 4.4.6, 4.4.5, 4.4.4, 4.4.3, 4.4.2 and earlier |
| Impact | Execution of elevated CLI commands |
| Exploit Prerequisites | Low-privileged administrator access |
| CVSS 3.1 Score | Not specified (High severity) |

Another notable issue, CVE-2024-54027, involves the use of hardcoded cryptographic keys (CWE-321) for remote backup server password encryption, potentially compromising the confidentiality of backup data.

Format String and SQL Injection Vulnerabilities Across Products

Format String Vulnerability – CVE-2024-45324

A particularly widespread vulnerability is CVE-2024-45324, a high-severity format string vulnerability (CWE-134) affecting multiple product lines including FortiOS, FortiProxy, FortiPAM, FortiSRA, and FortiWeb. 

This vulnerability could allow an attacker to crash the affected application or execute code by supplying an externally controlled format string. The affected versions span numerous release branches, including FortiOS 7.4.4 through 7.0.0 and FortiWeb 7.6.0 through 6.3.0.

| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiOS 7.4.4-7.4.0 and earlier, FortiProxy 7.6.0, 7.4.6-7.4.3 and earlier, FortiPAM 1.4.2-1.3.0, FortiSRA 1.4.2-1.4.0, FortiWeb 7.6.0, 7.4.5-7.4.2 and earlier |
| Impact | Unauthorized code or commands |
| Exploit Prerequisites | Privileged access, crafted HTTP/HTTPS commands |
| CVSS 3.1 Score | High severity |

SQL Injection Vulnerabilities – CVE-2024-33501 and CVE-2024-54026

Several SQL injection vulnerabilities have also been identified. CVE-2024-33501 is a medium-severity authenticated SQL injection vulnerability in the command-line interface of FortiAnalyzer and FortiManager products.

| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiAnalyzer 7.4.0-7.4.2 and before 7.2.5, FortiManager 7.4.0-7.4.2 and before 7.2.5, FortiAnalyzer-BigData 7.4.0 and before 7.2.7 |
| Impact | Unauthorized code or commands |
| Exploit Prerequisites | Privileged access with CLI capabilities |
| CVSS 3.1 Score | 4.2 |

Similarly, FortiSandbox is affected by CVE-2024-54026, a medium-severity error-based SQL injection vulnerability in the device deletion feature.

| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiSandbox 4.4.6, 4.4.5, 4.4.4, 4.4.3, 4.4.2 and earlier |
| Impact | Unauthorized code or commands |
| Exploit Prerequisites | Privileged access, crafted HTTP requests |
| CVSS 3.1 Score | Medium severity |

Command Injection and Authorization Issues

OS Command Injection Vulnerabilities – CVE-2024-32123 and CVE-2024-54018

The security update also addresses multiple command injection vulnerabilities, including CVE-2024-32123, which affects FortiAnalyzer and FortiManager products.

This medium-severity vulnerability involves improper neutralization of special elements in OS commands, potentially allowing command injection through the CLI. 

| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiManager 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.5 and earlier |
| Impact | Unauthorized code or commands |
| Exploit Prerequisites | Privileged access, crafted HTTP requests |
| CVSS 3.1 Score | Medium severity |

FortiSandbox users should be particularly concerned about CVE-2024-54018, another medium-severity OS command injection vulnerability in the administrative interface.

| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiSandbox 4.4.5, 4.4.4, 4.4.3, 4.4.2, 4.4.1 and earlier |
| Impact | Unauthorized code or commands |
| Exploit Prerequisites | Privileged access, crafted HTTP requests |
| CVSS 3.1 Score | Medium severity |

Client-Side Enforcement of Server-Side Security – CVE-2024-52960

A client-side security enforcement issue has also been discovered: CVE-2024-52960 affects FortiSandbox’s virtual machine download feature, where security checks are enforced on the client rather than the server. This medium-severity vulnerability could allow the server-side security mechanisms to be bypassed if exploited.

| Risk Factors | Details |
| --- | --- |
| Affected Products | FortiSandbox 5.0.0, 4.4.6, 4.4.5, 4.4.4, 4.4.3 and earlier |
| Impact | Unauthorized commands |
| Exploit Prerequisites | Authentication with at least read-only permission |
| CVSS 3.1 Score | Medium severity |

Recommendations for Fortinet Customers

Fortinet strongly recommends customers upgrade to the latest versions of affected products as outlined in the security advisories. 

Organizations using FortiOS, FortiSandbox, or other affected products should prioritize these updates based on the severity ratings and their deployment configurations. 

Administrators should consult Fortinet’s Upgrade Path Tool for specific upgrade paths. The company continues to emphasize its commitment to security through its dedicated PSIRT process and consistent security patch delivery.
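As an added example (not code from the article or from Fortinet), the following Python helper encodes a subset of the affected-version ranges quoted in the tables above and flags inventory entries that fall inside them, so that patching can be prioritized by product and version. The product names and version ranges are taken from the article; the hostnames in the sample inventory are constructed, and the "and earlier" / "before" wording is interpreted as noted in the comments.

```python
from typing import NamedTuple, Optional

def parse_version(s: str) -> tuple:
    """'7.4' -> (7, 4, 0); pads so partial strings compare sanely."""
    parts = [int(p) for p in s.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

class Affected(NamedTuple):
    product: str
    low: Optional[tuple]   # None: no lower bound ("... and earlier")
    high: tuple
    high_inclusive: bool   # False for "before 7.2.5" style bounds

# Ranges transcribed from the article's tables (subset); "X and earlier" = everything <= X.
ADVISORIES = {
    "CVE-2024-52961": [
        Affected("FortiSandbox", (5, 0, 0), (5, 0, 0), True),
        Affected("FortiSandbox", (4, 4, 0), (4, 4, 6), True),
        Affected("FortiSandbox", (4, 2, 0), (4, 2, 7), True),
        Affected("FortiSandbox", (4, 0, 0), (4, 0, 5), True),
        Affected("FortiSandbox", (3, 0, 0), (4, 0, 0), False),  # all 3.x
    ],
    "CVE-2024-45324": [
        Affected("FortiOS", None, (7, 4, 4), True),        # 7.4.4-7.4.0 and earlier
        Affected("FortiWeb", (7, 6, 0), (7, 6, 0), True),
        Affected("FortiWeb", None, (7, 4, 5), True),       # 7.4.5-7.4.2 and earlier
    ],
    "CVE-2024-33501": [
        Affected("FortiAnalyzer", (7, 4, 0), (7, 4, 2), True),
        Affected("FortiAnalyzer", None, (7, 2, 5), False),  # before 7.2.5
    ],
}

def in_range(r: Affected, product: str, v: tuple) -> bool:
    if r.product != product or (r.low is not None and v < r.low):
        return False
    return v <= r.high if r.high_inclusive else v < r.high

def applicable_cves(product: str, version: str) -> list:
    """CVE ids from ADVISORIES whose ranges cover this product/version."""
    v = parse_version(version)
    return sorted(cve for cve, ranges in ADVISORIES.items()
                  if any(in_range(r, product, v) for r in ranges))

def triage(inventory: list) -> dict:
    """hostname -> applicable CVEs, for (hostname, product, version) rows."""
    return {h: applicable_cves(p, v) for h, p, v in inventory if applicable_cves(p, v)}

# Constructed sample inventory (not real hosts) to exercise the check.
SAMPLE = [("fsa-01", "FortiSandbox", "4.4.6"), ("fgt-edge", "FortiOS", "7.4.5"),
          ("faz-01", "FortiAnalyzer", "7.2.4"), ("faz-02", "FortiAnalyzer", "7.2.5")]
```

Running `triage(SAMPLE)` reports only the two hosts whose versions fall inside a quoted range; extend ADVISORIES with the remaining tables from the advisories before using it against a real inventory.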
