ID

VAR-202310-2590


CVE

CVE-2023-41843


TITLE

Cross-site scripting vulnerability in Fortinet's FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2023-015350

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox versions 4.4.1 and 4.4.0, 4.2.0 through 4.2.5, and 4.0.0 through 4.0.3 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet's FortiSandbox. Information may be obtained and information may be tampered with.

Trust: 1.62

sources: NVD: CVE-2023-41843 // JVNDB: JVNDB-2023-015350

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.0.7

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 2.5.2

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.0.3

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 2.4.1

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.2.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.1.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.4.1

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.1.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.4.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.2.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 2.5.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.2.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.2.0

Trust: 1.0

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.0.0 to 4.0.3

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.2.0 to 3.2.4

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 2.4.1

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.0.0 to 3.0.7

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.1.0 to 3.1.5

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.4.0 to 4.4.1

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 2.5.0 to 2.5.2

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.2.0 to 4.2.5

Trust: 0.8

sources: JVNDB: JVNDB-2023-015350 // NVD: CVE-2023-41843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-41843
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2023-41843
value: HIGH

Trust: 1.0

NVD: CVE-2023-41843
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-41843
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-41843
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-41843
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-015350 // NVD: CVE-2023-41843 // NVD: CVE-2023-41843

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-015350 // NVD: CVE-2023-41843

PATCH

title: FG-IR-23-273, url: https://www.fortiguard.com/psirt/FG-IR-23-273

Trust: 0.8

sources: JVNDB: JVNDB-2023-015350

EXTERNAL IDS

db: NVD, id: CVE-2023-41843

Trust: 2.6

db: JVNDB, id: JVNDB-2023-015350

Trust: 0.8

sources: JVNDB: JVNDB-2023-015350 // NVD: CVE-2023-41843

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-273

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-41843

Trust: 0.8

sources: JVNDB: JVNDB-2023-015350 // NVD: CVE-2023-41843

SOURCES

db: JVNDB, id: JVNDB-2023-015350
db: NVD, id: CVE-2023-41843

LAST UPDATE DATE

2024-08-14T13:19:41.314000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-015350, date: 2023-12-27T04:31:00
db: NVD, id: CVE-2023-41843, date: 2023-11-07T04:21:06.847

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-015350, date: 2023-12-27T00:00:00
db: NVD, id: CVE-2023-41843, date: 2023-10-13T15:15:44.243