CVE-2023-47541: Path Traversal in Fortinet FortiSandbox

CWE-22: Path Traversal | 4 documents | 4 sources
Severity: 6.7 MEDIUM (NVD)
EPSS: 0.1% (top 66.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 9

Description

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions, FortiSandbox 2.3 all versions, FortiSandbox 2.2 all versions, FortiSandbox 2.1 all versions, FortiSandbox 2.0 all versions allows attacker

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (2 packages)

NVD | fortinet/fortisandbox | 2.0.0 | 4.2.7 | +1
CVEListV5 | fortinet/fortisandbox | 4.4.0 | 4.4.2 | +11

🔴 Vulnerability Details (2)

CVEList | CVE-2023-47541: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4 | 2024-04-09
GHSA | GHSA-cfhh-2gpx-32wx: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4 | 2024-04-09

📋 Vendor Advisories (1)

Fortinet | FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution | 2024-04-09