ID

VAR-202404-2098


CVE

CVE-2023-47540


TITLE

Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2024-20429)

Trust: 0.6

sources: CNVD: CNVD-2024-20429

DESCRIPTION

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox versions 4.4.0 through 4.4.2, 4.2.0 through 4.2.6, 4.0.0 through 4.0.5, 3.2.0 through 3.2.4, and 3.0.5 through 3.0.7 may allow an attacker to execute unauthorized code or commands via the CLI. Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device from Fortinet. The device provides dual sandbox technology, a dynamic threat intelligence system, a real-time control panel and reporting. Fortinet FortiSandbox has an operating system command injection vulnerability.

Trust: 1.44

sources: NVD: CVE-2023-47540 // CNVD: CNVD-2024-20429

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-20429

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.2.0,<=3.2.4

Trust: 0.6

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.0.0,<=4.0.5

Trust: 0.6

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.2.0,<=4.2.6

Trust: 0.6

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.0.5,<=3.0.7

Trust: 0.6

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.4.0,<=4.4.2

Trust: 0.6

sources: CNVD: CNVD-2024-20429

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2023-47540
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-20429
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-20429
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@fortinet.com: CVE-2023-47540
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-20429 // NVD: CVE-2023-47540

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2023-47540

PATCH

title: Patch for Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2024-20429)
url: https://www.cnvd.org.cn/patchInfo/show/544886

Trust: 0.6

sources: CNVD: CNVD-2024-20429

EXTERNAL IDS

db: NVD, id: CVE-2023-47540

Trust: 1.6

db: CNVD, id: CNVD-2024-20429

Trust: 0.6

sources: CNVD: CNVD-2024-20429 // NVD: CVE-2023-47540

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-411

Trust: 1.6

url: https://cxsecurity.com/cveshow/cve-2023-47540/

Trust: 0.6

sources: CNVD: CNVD-2024-20429 // NVD: CVE-2023-47540

SOURCES

db: CNVD, id: CNVD-2024-20429
db: NVD, id: CVE-2023-47540

LAST UPDATE DATE

2024-10-16T23:14:34.372000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-20429, date: 2024-04-26T00:00:00
db: NVD, id: CVE-2023-47540, date: 2024-04-10T13:24:22.187

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-20429, date: 2024-04-25T00:00:00
db: NVD, id: CVE-2023-47540, date: 2024-04-09T15:15:27.833