CVE-2023-41682

Summary

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions allows attacker to denial of service via crafted http requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox4.4.0affected
FortinetFortiSandbox4.2.1 <= 4.2.5affected
FortinetFortiSandbox4.0.0 <= 4.0.3affected
FortinetFortiSandbox3.2.0 <= 3.2.4affected
FortinetFortiSandbox3.1.0 <= 3.1.5affected
FortinetFortiSandbox3.0.0 <= 3.0.7affected
FortinetFortiSandbox2.5.0 <= 2.5.2affected
FortinetFortiSandbox2.4.0 <= 2.4.1affected

Weaknesses

  • CWE-22: Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References