CVE-2024-45328

7.8 HIGH

📋 TL;DR

This vulnerability allows low-privileged administrators in FortiSandbox to execute elevated CLI commands through the GUI console menu due to incorrect authorization checks. It affects FortiSandbox versions 4.4.0 through 4.4.6. Attackers with low-privileged admin access can potentially gain higher privileges and compromise the system.

💻 Affected Systems

Products:
  • FortiSandbox
Versions: 4.4.0 through 4.4.6
Operating Systems: FortiOS-based appliance
Default Config Vulnerable: ⚠️ Yes
Notes: Requires low-privileged administrator access to the GUI console. All deployments with affected versions are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A low-privileged administrator gains full administrative control, modifies system configurations, accesses sensitive data, or installs malware on the FortiSandbox appliance.

🟠 Likely Case

Privilege escalation allowing unauthorized access to restricted functions, configuration changes, or data exfiltration within the FortiSandbox environment.

🟢 If Mitigated

Limited impact if proper network segmentation, monitoring, and least-privilege access controls are implemented to restrict low-privileged admin access.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated low-privileged admin access. The vulnerability is in the authorization logic of the GUI console menu.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiSandbox 4.4.7 or later

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-261

Restart Required: No

Instructions:

1. Log into the FortiSandbox GUI as an administrator.
2. Navigate to System > Dashboard.
3. Check for available firmware updates.
4. Download and install FortiSandbox 4.4.7 or later.
5. Verify that the update completes successfully.

🔧 Temporary Workarounds

Restrict Low-Privileged Admin Access

Temporarily remove or restrict low-privileged administrator accounts until patching can be completed.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FortiSandbox from critical systems.
  • Enhance monitoring of administrator activities and CLI command execution in logs.

🔍 How to Verify

Check if Vulnerable:

Check FortiSandbox version via GUI: System > Dashboard > System Information, or CLI: get system status

Check Version:

get system status | grep Version

Verify Fix Applied:

Confirm version is 4.4.7 or later via System > Dashboard > System Information
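To script the version check above across many appliances, here is an added helper (not from the page or from Fortinet) that parses the version line out of `get system status` output and maps it onto the affected range 4.4.0 through 4.4.6 and the fixed release 4.4.7 stated above. The exact CLI output format is an assumption; the sample lines are constructed. Versions are compared numerically, so 4.4.10 is correctly treated as later than 4.4.7.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Range taken from the advisory text for CVE-2024-45328.
AFFECTED_MIN: Version = (4, 4, 0)
AFFECTED_MAX: Version = (4, 4, 6)
FIXED_MIN: Version = (4, 4, 7)


def parse_version(status_output: str) -> Optional[Version]:
    """Extract major.minor.patch from `get system status` output.

    Assumes a line such as 'Version: v4.4.5,build1234' (constructed format,
    not verified against a real appliance). Returns None if nothing matches.
    """
    m = re.search(r"Version\s*:\s*v?(\d+)\.(\d+)\.(\d+)", status_output)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def assess(status_output: str) -> str:
    """Classify an appliance from its CLI output.

    'vulnerable'            : 4.4.0 <= version <= 4.4.6
    'patched'               : 4.4.7 or later on the 4.4 branch
    'not-in-affected-range' : any other branch (not covered by this advisory)
    'unknown'               : no version line found
    """
    version = parse_version(status_output)
    if version is None:
        return "unknown"
    if is_affected(version):
        return "vulnerable"
    if version[:2] == (4, 4) and version >= FIXED_MIN:
        return "patched"
    return "not-in-affected-range"


# Constructed sample outputs for demonstration only.
SAMPLE_VULNERABLE = "Version: v4.4.5,build1234 (GA)\nSerial-Number: FSA-PLACEHOLDER\n"
SAMPLE_PATCHED = "Version: v4.4.10,build1400 (GA)\n"
```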

📡 Detection & Monitoring

Log Indicators:

  • Unusual CLI command execution by low-privileged administrators
  • Authorization failures or privilege escalation attempts in system logs

Network Indicators:

  • Anomalous administrative traffic patterns to FortiSandbox GUI

SIEM Query:

source="fortisandbox" AND (event_type="admin_login" OR event_type="cli_command") AND user_role="low_privileged"
