Platform
fortinet
Component
fortisandbox
Fixed in
4.4.3
4.2.9
4.0.7
3.2.5
3.1.6
3.0.8
CVE-2023-41844 describes a cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox versions 4.4.0 through 4.4.2, as well as all versions of the 4.2, 4.0, 3.2 and 3.1 branches and 3.0.4 and above. An attacker exploits it by sending a specially crafted HTTP request to the capture traffic endpoint, so that attacker-controlled script is rendered into the page and executed in the browser of a user who views it; the advisory describes this as execution of unauthorized code. The vulnerability was published on December 13, 2023, and the fixed releases are listed above.
Successful exploitation of CVE-2023-41844 lets an attacker inject script into FortiSandbox web pages viewed by users who interact with the capture traffic endpoint. Because the script runs with the victim's session, this can lead to hijacking of that session, defacement of the web interface, or theft of information displayed in it; an attacker who tricks an administrator into issuing the crafted request can thereby act on the FortiSandbox management interface with that administrator's privileges. While the CVSS score is LOW, the required user interaction is not a high bar for a phishing-style lure, and the target is an appliance that holds captured network traffic, which makes this a concerning vulnerability.
CVE-2023-41844 is not currently listed on the CISA KEV catalog, and public proof-of-concept (PoC) code is not widely available at this time. Reflected XSS bugs are usually simple to weaponize once the vulnerable parameter is known, so attackers may begin targeting unpatched systems; monitor security advisories and threat intelligence feeds for updates.
Organizations running FortiSandbox 4.4.0 through 4.4.2, any version of the 4.2, 4.0, 3.2 and 3.1 branches, or 3.0.4 and above are at risk. Exposure is greatest where the FortiSandbox web interface (and with it the capture traffic endpoint) is reachable from the internet or from untrusted networks, since the attack requires a legitimate user to load a crafted request against it.
• fortinet / web:
curl -s -X POST -d 'payload=<script>alert("XSS")</script>' <fortisandbox_capture_traffic_endpoint> | grep -i alert
The parameter name payload and the endpoint placeholder are not taken from the advisory; substitute the real ones for your deployment, and add -k if the appliance presents a self-signed certificate. Note that grep -i alert also matches a patched system that reflects the input HTML-encoded as &lt;script&gt;alert(...)&lt;/script&gt;, so only treat a hit as a positive if the <script> tag itself comes back unencoded.
Exploit status
EPSS
0.44% (63rd percentile)
CVSS vector
The primary mitigation for CVE-2023-41844 is to upgrade FortiSandbox to a fixed release: 4.4.3, 4.2.9, 4.0.7, 3.2.5, 3.1.6 or 3.0.8 (as listed above) or later, confirmed against the official Fortinet advisory. The fix itself, encoding user-supplied data before it is written into the capture traffic page, can only be applied by the vendor, so operators of unpatched units should instead restrict access to the web interface to trusted administrative networks and can place a web application firewall (WAF) with XSS rules in front of it as an additional layer. After upgrading, confirm the fix by re-sending the probe and verifying that the input is returned HTML-encoded rather than as a live script tag.
Upgrade FortiSandbox to a version later than the affected versions. Consult the Fortinet advisory for further details and specific upgrade instructions.
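The curl check above and the post-upgrade verification just described share the same pitfall: matching on the string "alert" also fires when a patched appliance reflects the probe HTML-encoded. The script below is an added example, not Fortinet code and not taken from the advisory; it classifies a response as raw (exploitable), encoded (output is being escaped) or absent, and shows the grep-style check flagging both sample responses. The endpoint URL and the request parameter name used by probe() are assumptions, as are the two sample response bodies, which are constructed rather than captured from a real device.

```python
"""Check whether an XSS probe is reflected raw or HTML-encoded.

Added example; not Fortinet code and not taken from the advisory.
The endpoint URL and the request parameter name used by probe() are
placeholders (assumptions): take the real ones from the Fortinet advisory
or from the FortiSandbox capture traffic page in your deployment.
"""
import re
import ssl
import urllib.parse
import urllib.request

# Unique marker: a hit on this string cannot come from unrelated page text.
MARKER = "xsschk7f3a"
PAYLOAD = f'<script>alert("{MARKER}")</script>'

# Constructed sample responses (not captured from a real appliance).
VULNERABLE_BODY = (
    '<html><body><div class="filter">Filter: '
    f'{PAYLOAD}</div></body></html>'
)
PATCHED_BODY = (
    '<html><body><div class="filter">Filter: '
    f'&lt;script&gt;alert(&quot;{MARKER}&quot;)&lt;/script&gt;</div></body></html>'
)


def naive_grep_matches(body: str) -> bool:
    """Equivalent of `| grep -i alert`: true for both raw and encoded output."""
    return "alert" in body.lower()


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """Classify how a response reflects the probe.

    'raw'     - marker sits inside an unencoded <script> tag: exploitable
    'encoded' - marker present, but no unencoded <script> wraps it: the
                appliance is encoding output (what a patched build should do)
    'absent'  - marker not reflected in this response at all
    """
    if marker not in body:
        return "absent"
    if re.search(r"<script\b[^>]*>[^<]*" + re.escape(marker), body, re.IGNORECASE):
        return "raw"
    return "encoded"


def probe(url: str, param: str = "payload", timeout: int = 10,
          verify_tls: bool = True) -> str:
    """POST the probe to a live endpoint and classify the reflected output.

    `url` and `param` are assumptions. The request carries no session
    cookie; add one if the capture traffic page requires a logged-in user.
    """
    data = urllib.parse.urlencode({param: PAYLOAD}).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    ctx = ssl.create_default_context()
    if not verify_tls:  # appliance with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    return classify_reflection(body)


if __name__ == "__main__":
    for name, body in (("vulnerable", VULNERABLE_BODY), ("patched", PATCHED_BODY)):
        print(f"{name}: grep-style match={naive_grep_matches(body)} "
              f"classification={classify_reflection(body)}")
```

Running the block shows that the grep-style check matches both bodies, while classify_reflection() reports "raw" only for the vulnerable one. Against a live unit, call probe() with the real endpoint URL; a result of "encoded" after the upgrade is the outcome you want, and "absent" means the input was not reflected in that response at all (not proof of a fix, just that this particular probe did not reach the page).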
CVE-2023-41844 is a cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2 and the older affected branches listed above; it lets an attacker run script in a user's browser via crafted HTTP requests to the capture traffic endpoint.
You are affected if you use FortiSandbox 4.4.0 through 4.4.2, any version of the 4.2, 4.0, 3.2 or 3.1 branches, or 3.0.4 and above. Check the Fortinet advisory for the authoritative list of affected versions.
Upgrade FortiSandbox to a fixed release as specified in the official Fortinet advisory. Until you can, restrict access to the web interface to trusted administrative networks and consider a WAF in front of it.
While no active exploitation has been confirmed, the vulnerability's nature suggests potential for exploitation, so vigilance is advised.
Consult the official Fortinet security advisories page for the latest information and patch details regarding CVE-2023-41844.