mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
123 lines
4.9 KiB
JSON
123 lines
4.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-41682",
|
|
"ASSIGNER": "psirt@fortinet.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Denial of service",
|
|
"cweId": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Fortinet",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "FortiSandbox",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "4.4.0"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "4.2.0",
|
|
"version_value": "4.2.5"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "4.0.0",
|
|
"version_value": "4.0.3"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "3.2.0",
|
|
"version_value": "3.2.4"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "3.1.0",
|
|
"version_value": "3.1.5"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "3.0.0",
|
|
"version_value": "3.0.7"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "2.5.0",
|
|
"version_value": "2.5.2"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "2.4.0",
|
|
"version_value": "2.4.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://fortiguard.com/psirt/FG-IR-23-280",
|
|
"refsource": "MISC",
|
|
"name": "https://fortiguard.com/psirt/FG-IR-23-280"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Please upgrade to FortiSandbox version 4.4.2 or above Please upgrade to FortiSandbox version 4.2.6 or above Please upgrade to FortiSandbox version 4.0.4 or above "
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.9,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:C"
|
|
}
|
|
]
|
|
}
|
|
} |