Sign-up

ID

VAR-202503-1152


CVE

CVE-2024-54027


TITLE

fortinet's  FortiSandbox  Vulnerability related to the use of hard-coded encryption keys in

Trust: 0.8

sources: JVNDB: JVNDB-2024-026508

DESCRIPTION

A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI. fortinet's FortiSandbox contains a vulnerability related to the use of hardcoded encryption keys.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-54027 // JVNDB: JVNDB-2024-026508

AFFECTED PRODUCTS

vendor:fortinetmodel:fortisandboxscope:gteversion:4.4.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:3.0.5

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:ltversion:4.4.7

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:eqversion:5.0.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:ltversion:4.2.8

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:ltversion:4.0.6

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:4.2.0

Trust: 1.0

vendor:フォーティネットmodel:fortisandboxscope:eqversion:3.0.5 that's all 4.0.6

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:5.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:4.4.0 that's all 4.4.7

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:4.2.0 that's all 4.2.8

Trust: 0.8

sources: JVNDB: JVNDB-2024-026508 // NVD: CVE-2024-54027

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2024-54027
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-54027
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-54027
value: MEDIUM

Trust: 0.8

psirt@fortinet.com: CVE-2024-54027
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-54027
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-54027
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-026508 // NVD: CVE-2024-54027 // NVD: CVE-2024-54027

PROBLEMTYPE DATA

problemtype:CWE-321

Trust: 1.0

problemtype:Using hardcoded encryption keys (CWE-321) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-026508 // NVD: CVE-2024-54027

PATCH

title:FG-IR-24-327url:https://fortiguard.fortinet.com/psirt/FG-IR-24-327

Trust: 0.8

sources: JVNDB: JVNDB-2024-026508

EXTERNAL IDS

db:NVDid:CVE-2024-54027

Trust: 2.6

db:JVNDBid:JVNDB-2024-026508

Trust: 0.8

sources: JVNDB: JVNDB-2024-026508 // NVD: CVE-2024-54027

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-24-327

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-54027

Trust: 0.8

sources: JVNDB: JVNDB-2024-026508 // NVD: CVE-2024-54027

SOURCES

db:JVNDBid:JVNDB-2024-026508
db:NVDid:CVE-2024-54027

LAST UPDATE DATE

2025-07-29T23:25:27.557000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-026508date:2025-07-28T07:50:00
db:NVDid:CVE-2024-54027date:2025-07-24T20:17:55.730

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-026508date:2025-07-28T00:00:00
db:NVDid:CVE-2024-54027date:2025-03-17T14:15:19.613