CVE-2024-54018

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Mar 11, 2025

CWE ID 78

Summary

CVE-2024-54018 is a newly disclosed vulnerability affecting FortiSandbox versions prior to 4.4.5. This issue involves multiple improper neutralization of special elements in OS commands (CWE-78), allowing a privileged attacker to execute unauthorized commands through carefully crafted requests. The consequences of exploiting this weakness can result in significant security risks and potential system compromise. FortiSandbox users are strongly urged to apply the latest security patch to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FortiSandbox

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0-tWJc
https://www.cve.org/CVERecord?id=CVE-2024-54018
https://nvd.nist.gov/vuln/detail/CVE-2024-54018

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners