FortiSandbox suffers from CVE-2024-45328, a high-severity incorrect authorization vulnerability (CWE-863) that might allow low-privileged users to gain unauthorized access to administrative functions in the GUI console. The vulnerability represents a significant security risk as it could potentially lead to unauthorized system access or control.

The security update also addresses multiple command injection vulnerabilities, including CVE-2024-32123, which affects FortiAnalyzer and FortiManager products. FortiSandbox users should be particularly concerned about CVE-2024-54018, another medium-severity OS command injection vulnerability in the administrative interface.

Client-side security enforcement issues have also been discovered, with CVE-2024-52960 affecting FortiSandbox's virtual machine download feature. This medium-severity vulnerability could undermine server-side security mechanisms if exploited.

Similarly, FortiSandbox is affected by CVE-2024-54026, a medium-severity error-based SQL injection vulnerability in the device deletion feature.

This vulnerability could allow attackers to potentially crash applications or execute code by manipulating externally-controlled format strings.

The patches come as part of Fortinet's ongoing security maintenance coordinated through their Product Security Incident Response Team (PSIRT). The company continues to emphasize its commitment to security through its dedicated PSIRT process and consistent security patch delivery.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Mar 2025 07:50:04 +0000