CVE-2024-45328

Published: Mar 11, 2025Modified: Jul 24, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@fortinet.com (Secondary)

Description

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.

Affected (1)

Products: Fortinet: Fortisandbox

Fortinet

1 product

Fortisandbox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortisandbox	From 4.4.0 to 4.4.7

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-261

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.