{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-54027", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-11-27T15:20:39.891Z", "datePublished": "2025-03-17T13:05:31.108Z", "dateUpdated": "2025-03-18T03:55:15.229Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "cpes": [], "defaultStatus": "unaffected", "versions": [{"version": "5.0.0", "status": "affected"}, {"versionType": "semver", "version": "4.4.0", "lessThanOrEqual": "4.4.6", "status": "affected"}, {"versionType": "semver", "version": "4.2.0", "lessThanOrEqual": "4.2.7", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.5", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.4", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.5", "status": "affected"}, {"versionType": "semver", "version": "3.0.5", "lessThanOrEqual": "3.0.7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-03-17T13:05:31.108Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-321", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiSandbox version 5.0.1 or above \nPlease upgrade to FortiSandbox version 4.4.7 or above \nPlease upgrade to FortiSandbox version 4.2.8 or above \nPlease upgrade to FortiSandbox version 4.0.6 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-327", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-327"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-17T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-54027"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T03:55:15.229Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-54027", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-17T13:38:00.668268Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T13:38:04.193Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": [], "vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "5.0.0"}, {"status": "affected", "version": "4.4.0", "versionType": "semver", "lessThanOrEqual": "4.4.6"}, {"status": "affected", "version": "4.2.0", "versionType": "semver", "lessThanOrEqual": "4.2.7"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.5"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.4"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.5"}, {"status": "affected", "version": "3.0.5", "versionType": "semver", "lessThanOrEqual": "3.0.7"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiSandbox version 5.0.1 or above \nPlease upgrade to FortiSandbox version 4.4.7 or above \nPlease upgrade to FortiSandbox version 4.2.8 or above \nPlease upgrade to FortiSandbox version 4.0.6 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-327", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-327"}], "descriptions": [{"lang": "en", "value": "A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-321", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-03-17T13:05:31.108Z"}}}, "cveMetadata": {"cveId": "CVE-2024-54027", "state": "PUBLISHED", "dateUpdated": "2025-03-17T13:38:08.828Z", "dateReserved": "2024-11-27T15:20:39.891Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-03-17T13:05:31.108Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI."}], "id": "CVE-2024-54027", "lastModified": "2025-03-17T14:15:19.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2025-03-17T14:15:19.613", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-327"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}