CVE-2023-47541

{"id": "CVE-2023-47541", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2024-04-09T15:15:28.020", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-416", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/psirt/FG-IR-23-416", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI."}, {"lang": "es", "value": "Una limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"path traversal\") en Fortinet FortiSandbox versi\u00f3n 4.4.0 a 4.4.2 y 4.2.0 a 4.2.6 y 4.0.0 a 4.0.5 y 3.2.0 a 3.2. 4 y 3.1.0 a 3.1.5 y 3.0.0 a 3.0.7 y 2.5.0 a 2.5.2 y 2.4.0 a 2.4.1 y 2.3.0 a 2.3.3 y 2.2.0 a 2.2.2 y 2.1.0 a 2.1.3 y 2.0.0 a 2.0.3 permiten a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de CLI."}], "lastModified": "2024-12-23T14:57:00.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0015F37-9D06-40B3-96B6-286457D54069", "versionEndExcluding": "4.2.7", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBA7928B-2BC3-4DA6-B4ED-21818D04A1C4", "versionEndExcluding": "4.4.3", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}