Fortinet FortiSandbox Hard-Coded Cryptographic Key Vulnerability Allowing Data Exposure via CLI

Vulnerability

A vulnerability allowing the use of hard-coded cryptographic keys has been identified in Fortinet FortiSandbox versions 4.4.6 and prior, 4.2.7 and prior, 4.0.5 and prior, 3.2.4 and prior, 3.1.5 and prior, and 3.0.7 to 3.0.5. This vulnerability may enable a privileged attacker with a super-admin profile and CLI access to read sensitive data through the command line interface.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data via the CLI.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiSandbox Hard-Coded Cryptographic Key Vulnerability Allowing Data Exposure via CLI

Vulnerability

Impact

Affected Products

Fortinet FortiSandbox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating