CVE-2023-41682

CWE-22Path Traversal4 documents4 sources
Severity
7.5HIGH
EPSS
0.4%
top 36.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisandbox
Timeline
PublishedOct 13

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions allows attacker to denial of service via crafted http requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5fortinet/fortisandbox4.2.14.2.5+7
NVDfortinet/fortisandbox2.4.02.4.1+5

🔴Vulnerability Details

2
CVEList
CVE-2023-41682: A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 42023-10-13
GHSA
GHSA-85q4-wfv9-wrvq: A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 42023-10-13

📋Vendor Advisories

1
Fortinet
Arbitrary file delete2023-10-13
CVE-2023-41682 (HIGH CVSS 7.5) | A improper limitation of a pathname | cvebase.io