Vulnerability Details CVE-2023-41682
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions allows attacker to denial of service via crafted http requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 63.2%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2023-41682
-
cpe:2.3:a:fortinet:fortisandbox:2.4.0
-
cpe:2.3:a:fortinet:fortisandbox:2.4.1
-
cpe:2.3:a:fortinet:fortisandbox:2.5.0
-
cpe:2.3:a:fortinet:fortisandbox:2.5.1
-
cpe:2.3:a:fortinet:fortisandbox:2.5.2
-
cpe:2.3:a:fortinet:fortisandbox:3.2.0
-
cpe:2.3:a:fortinet:fortisandbox:3.2.1
-
cpe:2.3:a:fortinet:fortisandbox:3.2.2
-
cpe:2.3:a:fortinet:fortisandbox:3.2.3
-
cpe:2.3:a:fortinet:fortisandbox:3.2.4
-
cpe:2.3:a:fortinet:fortisandbox:4.0.0
-
cpe:2.3:a:fortinet:fortisandbox:4.0.1
-
cpe:2.3:a:fortinet:fortisandbox:4.0.2
-
cpe:2.3:a:fortinet:fortisandbox:4.0.3
-
cpe:2.3:a:fortinet:fortisandbox:4.2.0
-
cpe:2.3:a:fortinet:fortisandbox:4.2.1
-
cpe:2.3:a:fortinet:fortisandbox:4.2.2
-
cpe:2.3:a:fortinet:fortisandbox:4.2.3
-
cpe:2.3:a:fortinet:fortisandbox:4.2.4
-
cpe:2.3:a:fortinet:fortisandbox:4.2.5
-
cpe:2.3:a:fortinet:fortisandbox:4.4.0