CVE-2023-41682

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests.

Published: Oct 13, 2023
Updated: Oct 17, 2023
CVE: CVE-2023-41682
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fortinet / fortisandbox	3.2.0	3.2.4.x
fortinet / fortisandbox	4.4.0	4.4.0.x
fortinet / fortisandbox	4.2.0	4.2.5.x
fortinet / fortisandbox	4.0.0	4.0.3.x
fortinet / fortisandbox	2.5.0	2.5.2.x
fortinet / fortisandbox	2.4.0	2.4.1.x

https://fortiguard.com/psirt/FG-IR-23-280

Vulnerability Database

289,871

CVE-2023-41682