ID

VAR-202310-2393


CVE

CVE-2023-41682


TITLE

Path traversal vulnerability in Fortinet FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356

DESCRIPTION

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox versions 4.4.0, 4.2.0 through 4.2.5, 4.0.0 through 4.0.3, 3.2.0 through 3.2.4, 2.5.0 through 2.5.2, 2.4.1 and 2.4.0 allows an attacker to cause a denial of service via crafted HTTP requests. Fortinet's FortiSandbox contains a path traversal vulnerability. The service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2023-41682 // JVNDB: JVNDB-2023-015356

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lte, version: 2.5.2

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.0.3

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 2.4.1

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 4.4.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 2.4.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.2.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.2.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 2.5.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.2.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.2.0

Trust: 1.0

vendor: Fortinet, model: fortisandbox, scope: eq, version: 4.0.0 to 4.0.3

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.2.0 to 3.2.4

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 4.4.0

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 2.4.0 to 2.4.1

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 2.5.0 to 2.5.2

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 4.2.0 to 4.2.5

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-41682
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2023-41682
value: HIGH

Trust: 1.0

NVD: CVE-2023-41682
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-41682
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-41682
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2023-41682
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682 // NVD: CVE-2023-41682

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682

PATCH

title: FG-IR-23-280, url: https://www.fortiguard.com/psirt/FG-IR-23-280

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356

EXTERNAL IDS

db: NVD, id: CVE-2023-41682

Trust: 2.6

db: JVNDB, id: JVNDB-2023-015356

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-280

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-41682

Trust: 0.8

sources: JVNDB: JVNDB-2023-015356 // NVD: CVE-2023-41682

SOURCES

db: JVNDB, id: JVNDB-2023-015356
db: NVD, id: CVE-2023-41682

LAST UPDATE DATE

2024-08-14T15:31:48.688000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-015356, date: 2023-12-27T04:35:00
db: NVD, id: CVE-2023-41682, date: 2023-11-07T04:21:04.987

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-015356, date: 2023-12-27T00:00:00
db: NVD, id: CVE-2023-41682, date: 2023-10-13T15:15:44.123