ID

VAR-202503-0802


CVE

CVE-2024-45328


DESCRIPTION

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low-privileged administrator to execute elevated CLI commands via the GUI console menu.

Trust: 1.0

sources: NVD: CVE-2024-45328

AFFECTED PRODUCTS

vendor: fortinet
model: fortisandbox
scope: gte
version: 4.4.0

Trust: 1.0

vendor: fortinet
model: fortisandbox
scope: lt
version: 4.4.7

Trust: 1.0

sources: NVD: CVE-2024-45328

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2024-45328
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2024-45328
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2024-45328

PROBLEMTYPE DATA

problemtype: CWE-863

Trust: 1.0

sources: NVD: CVE-2024-45328

EXTERNAL IDS

db: NVD
id: CVE-2024-45328

Trust: 1.0

sources: NVD: CVE-2024-45328

REFERENCES

url: https://fortiguard.fortinet.com/psirt/fg-ir-24-261

Trust: 1.0

sources: NVD: CVE-2024-45328

SOURCES

db: NVD
id: CVE-2024-45328

LAST UPDATE DATE

2025-07-26T23:08:19.958000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2024-45328
date: 2025-07-24T16:35:03.360

SOURCES RELEASE DATE

db: NVD
id: CVE-2024-45328
date: 2025-03-11T15:15:41.963