Details of VAR-202310-2393

ID

VAR-202310-2393

CVE

CVE-2023-41682

TITLE

fortinet's FortiSandbox Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356

DESCRIPTION

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. fortinet's FortiSandbox Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-41682 // JVNDB: JVNDB-2023-015356

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	2.5.2	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	4.0.3	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	2.4.1	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	4.4.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	4.2.5	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	2.5.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	3.2.4	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.2.0	Trust: 1.0
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	4.0.0 to 4.0.3	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	3.2.0 to 3.2.4	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	4.4.0	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	2.4.0 to 2.4.1	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	2.5.0 to 2.5.2	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	4.2.0 to 4.2.5	Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-41682
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2023-41682
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-41682
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-41682
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2023-41682
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2023-41682
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682 // NVD: CVE-2023-41682

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682

PATCH

title:

FG-IR-23-280

url:

https://www.fortiguard.com/psirt/FG-IR-23-280

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356

EXTERNAL IDS

db:	NVD	id:	CVE-2023-41682	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-015356	Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-23-280	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-41682	Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682

SOURCES

db:	JVNDB	id:	JVNDB-2023-015356
db:	NVD	id:	CVE-2023-41682

LAST UPDATE DATE

2024-08-14T15:31:48.688000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-015356	date:	2023-12-27T04:35:00
db:	NVD	id:	CVE-2023-41682	date:	2023-11-07T04:21:04.987

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-015356	date:	2023-12-27T00:00:00
db:	NVD	id:	CVE-2023-41682	date:	2023-10-13T15:15:44.123