Fortinet FortiSandbox Client-Side Enforcement of Server-Side Security Vulnerability Allowing Unauthorized Command Execution

Vulnerability

A vulnerability in Fortinet FortiSandbox in versions 5.0.0, 4.4.0 through 4.4.6, and prior to 4.2.7, allows an authenticated attacker with at least read-only permissions to execute unauthorized commands by sending crafted requests. This issue arises from a client-side enforcement of server-side security, categorized under CWE-602.

Impact

Exploitation of this vulnerability allows for the execution of unauthorized commands on the affected system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiSandbox Client-Side Enforcement of Server-Side Security Vulnerability Allowing Unauthorized Command Execution

Vulnerability

Impact

Affected Products

Fortinet FortiSandbox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating