CVE-2023-41680

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 13, 2023
Updated: Nov 7, 2023
CWE ID 79

Summary

CVE-2023-41680 is a vulnerability categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). It affects Fortinet FortiSandbox versions 4.4.1, 4.4.0, 4.2.0 through 4.2.5, 4.0.0 through 4.0.3, 3.2.0 through 3.2.4, 3.1.0 through 3.1.5, 3.0.0 through 3.0.7, and 2.5.0 through 2.5. 2, as well as other related products like rMene and jHh7g series among others. The vulnerability allows an attacker to execute unauthorized code or commands by exploiting an improper neutralization of input during web page generation ('cross-site scripting') in the affected products. The risk score of this vulnerability is rated at 25 out of a possible maximum of 100. The base severity is classified as MEDIUM with a base score of 6.A potential danger to organizations lies in the possibility of attackers executing unauthorized code or commands using crafted HTTP requests. Remediation for this vulnerability should include updating the affected Fortinet FortiSandbox versions to the latest patched version provided by the vendor.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-41680 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options