ID

VAR-202312-1526


CVE

CVE-2023-45587


TITLE

Cross-site scripting vulnerability in Fortinet's FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2023-020027

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox versions 4.4.1 and 4.4.0, 4.2.0 through 4.2.5, 4.0.0 through 4.0.3, 3.2.0 through 3.2.4, and 3.1.0 through 3.1.5 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet's FortiSandbox. Information may be obtained and information may be tampered with. Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device from the American company Fortinet. The appliance offers features such as dual sandboxing technology, a dynamic threat intelligence system, real-time dashboards and reporting.

Trust: 2.16

sources: NVD: CVE-2023-45587 // JVNDB: JVNDB-2023-020027 // CNVD: CNVD-2024-09276

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-09276

AFFECTED PRODUCTS

vendor: fortinet // model: fortisandbox // scope: eq // version: 4.4.0

Trust: 1.6

vendor: fortinet // model: fortisandbox // scope: eq // version: 4.4.1

Trust: 1.6

vendor: fortinet // model: fortisandbox // scope: eq // version: 4.4.2

Trust: 1.6

vendor: fortinet // model: fortisandbox // scope: lte // version: 4.2.5

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: gte // version: 4.0.0

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: lte // version: 3.1.5

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: gte // version: 3.1.0

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: gte // version: 4.2.0

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: lte // version: 3.2.4

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: gte // version: 3.2.0

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: lte // version: 4.0.4

Trust: 1.0

vendor: フォーティネット // model: fortisandbox // scope: eq // version: 3.1.0 to 3.1.5

Trust: 0.8

vendor: フォーティネット // model: fortisandbox // scope: eq // version: 4.4.1

Trust: 0.8

vendor: フォーティネット // model: fortisandbox // scope: eq // version: 4.4.2

Trust: 0.8

vendor: フォーティネット // model: fortisandbox // scope: eq // version: 4.2.0 to 4.2.5

Trust: 0.8

vendor: フォーティネット // model: fortisandbox // scope: eq // version: -

Trust: 0.8

vendor: フォーティネット // model: fortisandbox // scope: eq // version: 4.4.0

Trust: 0.8

vendor: フォーティネット // model: fortisandbox // scope: eq // version: 3.2.0 to 3.2.4

Trust: 0.8

vendor: フォーティネット // model: fortisandbox // scope: eq // version: 4.0.0 to 4.0.4

Trust: 0.8

vendor: fortinet // model: fortisandbox // scope: gte // version: 3.1.0,<=3.1.5

Trust: 0.6

vendor: fortinet // model: fortisandbox // scope: gte // version: 3.2.0,<=3.2.4

Trust: 0.6

vendor: fortinet // model: fortisandbox // scope: gte // version: 4.2.0,<=4.2.5

Trust: 0.6

vendor: fortinet // model: fortisandbox // scope: gte // version: 4.0.0,<=4.0.4

Trust: 0.6

sources: CNVD: CNVD-2024-09276 // JVNDB: JVNDB-2023-020027 // NVD: CVE-2023-45587

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-45587
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2023-45587
value: LOW

Trust: 1.0

NVD: CVE-2023-45587
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-09276
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-09276
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-45587
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-45587
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2023-45587
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-09276 // JVNDB: JVNDB-2023-020027 // NVD: CVE-2023-45587 // NVD: CVE-2023-45587

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-020027 // NVD: CVE-2023-45587

PATCH

title: FG-IR-23-360 // url: https://www.fortiguard.com/psirt/FG-IR-23-360

Trust: 0.8

title: Patch for Fortinet FortiSandbox cross-site scripting vulnerability (CNVD-2024-0927676) // url: https://www.cnvd.org.cn/patchInfo/show/526056

Trust: 0.6

sources: CNVD: CNVD-2024-09276 // JVNDB: JVNDB-2023-020027

EXTERNAL IDS

db: NVD // id: CVE-2023-45587

Trust: 3.2

db: JVNDB // id: JVNDB-2023-020027

Trust: 0.8

db: CNVD // id: CNVD-2024-09276

Trust: 0.6

sources: CNVD: CNVD-2024-09276 // JVNDB: JVNDB-2023-020027 // NVD: CVE-2023-45587

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2023-45587

Trust: 1.4

url: https://fortiguard.com/psirt/fg-ir-23-360

Trust: 1.0

sources: CNVD: CNVD-2024-09276 // JVNDB: JVNDB-2023-020027 // NVD: CVE-2023-45587

SOURCES

db: CNVD // id: CNVD-2024-09276
db: JVNDB // id: JVNDB-2023-020027
db: NVD // id: CVE-2023-45587

LAST UPDATE DATE

2024-08-14T14:16:48.768000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2024-09276 // date: 2024-02-21T00:00:00
db: JVNDB // id: JVNDB-2023-020027 // date: 2024-01-15T07:42:00
db: NVD // id: CVE-2023-45587 // date: 2023-12-15T19:41:03.370

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2024-09276 // date: 2024-02-09T00:00:00
db: JVNDB // id: JVNDB-2023-020027 // date: 2024-01-15T00:00:00
db: NVD // id: CVE-2023-45587 // date: 2023-12-13T07:15:20.363