ID

VAR-202404-3003


CVE

CVE-2023-47541


TITLE

Path traversal vulnerability in Fortinet FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2023-027698

DESCRIPTION

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2, 4.2.0 through 4.2.6, 4.0.0 through 4.0.5, 3.2.0 through 3.2.4, 3.1.0 through 3.1.5, 3.0.0 through 3.0.7, 2.5.0 through 2.5.2, 2.4.0 through 2.4.1, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, 2.1.0 through 2.1.3, and 2.0.0 through 2.0.3 allows an attacker to execute unauthorized code or commands via the CLI. A path traversal vulnerability exists in Fortinet FortiSandbox. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.

Trust: 1.62

sources: NVD: CVE-2023-47541 // JVNDB: JVNDB-2023-027698

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: gte, version: 2.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lt, version: 4.4.3

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lt, version: 4.2.7

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.4.0

Trust: 1.0

vendor: Fortinet, model: fortisandbox, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 4.4.0 or later and before 4.4.3

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 2.0.0 or later and before 4.2.7

Trust: 0.8

sources: JVNDB: JVNDB-2023-027698 // NVD: CVE-2023-47541

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2023-47541
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-47541
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-47541
value: MEDIUM

Trust: 0.8

psirt@fortinet.com: CVE-2023-47541
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-47541
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-027698 // NVD: CVE-2023-47541 // NVD: CVE-2023-47541

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2023-027698 // NVD: CVE-2023-47541

PATCH

title: FG-IR-23-416, url: https://fortiguard.com/psirt/FG-IR-23-416

Trust: 0.8

sources: JVNDB: JVNDB-2023-027698

EXTERNAL IDS

db: NVD, id: CVE-2023-47541

Trust: 2.6

db: JVNDB, id: JVNDB-2023-027698

Trust: 0.8

sources: JVNDB: JVNDB-2023-027698 // NVD: CVE-2023-47541

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-416

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-47541

Trust: 0.8

sources: JVNDB: JVNDB-2023-027698 // NVD: CVE-2023-47541

SOURCES

db: JVNDB, id: JVNDB-2023-027698
db: NVD, id: CVE-2023-47541

LAST UPDATE DATE

2024-12-25T23:10:13.439000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-027698, date: 2024-12-24T06:27:00
db: NVD, id: CVE-2023-47541, date: 2024-12-23T14:57:00.153

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-027698, date: 2024-12-24T00:00:00
db: NVD, id: CVE-2023-47541, date: 2024-04-09T15:15:28.020