{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:49:25.520","vulnerabilities":[{"cve":{"id":"CVE-2024-27778","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:29.053","lastModified":"2026-01-14T15:15:54.763","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests."},{"lang":"es","value":"Una neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo [CWE-78] en Fortinet FortiSandbox versión 4.4.0 a 4.4.4, 4.2.0 a 4.2.6 y anteriores a 4.0.4 permite que un atacante autenticado con al menos permiso de solo lectura ejecute comandos no autorizados a través de solicitudes manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.5","versionEndExcluding":"4.0.5","matchCriteriaId":"9B6BB3F7-A2A0-4D73-BEB6-D831C9C3CAD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.7","matchCriteriaId":"958CF981-06BE-44FF-B5CF-156649D86232"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.5","matchCriteriaId":"2C77A903-42B3-41D3-BDC6-E138679B5400"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-061","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}