A critical OS command injection vulnerability in Fortinet FortiSandbox allows unauthenticated remote attackers to execute arbitrary system commands.

This vulnerability arises from improper neutralization of special elements used in OS commands, permitting an unauthenticated attacker to inject and execute unauthorized commands via malicious HTTP requests.

With a CVSS score of 9.8, this flaw poses a severe threat, as it allows complete administrative control over the security appliance without requiring prior authentication. A compromise of FortiSandbox—a critical security tool—could allow attackers to bypass security controls, exfiltrate sensitive data, or pivot into the internal network.

Immediate Action: Update to FortiSandbox 5.0.6, 4.4.9, or higher, depending on the specific product line, as detailed in the vendor advisory.

Proactive Monitoring: Monitor device logs for signs of suspicious HTTP requests or unexpected command execution attempts on the FortiSandbox appliance.

Compensating Controls: Use a Web Application Firewall (WAF) to filter malicious HTTP input that could trigger command injection while the patching process is underway.

Public Exploit Available: False

Given the unauthenticated nature of the attack vector, this vulnerability is a high-priority target for threat actors. Administrators must apply the vendor-provided patches immediately to prevent unauthorized access and maintain the integrity of their security infrastructure.