CVE-2023-41682

Summary

CVE-2023-41682 is a vulnerability categorized as "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)" with a base severity rating of HIGH and a base score of 8.1. It affects multiple versions of Fortinet FortiSandbox, including 4.4.0, 4.2.0 through 4.2.5, 4.0.0 through 4.0.3, 3.2.0 through 3.2.4, and others. The vulnerability allows an attacker to perform path traversal attacks and cause denial of service by exploiting crafted HTTP requests. The exploitability score is rated at 2.8 out of 10, indicating a moderate level of difficulty for exploitation. The impact score is calculated to be 5.2 out of 10, with high integrity impact and no confidentiality impact involved in the attack vector primarily targeting network services on affected systems. To remediate this vulnerability, it is recommended to update the Fortinet FortiSandbox software to a patched version provided by the vendor as soon as possible to mitigate the risk associated with this vulnerability. This vulnerability poses a significant danger to organizations using affected versions of Fortinet FortiSandbox, as it can allow an attacker to disrupt services and potentially compromise the integrity of the system or network infrastructure where it is deployed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.