Platform
fortinet
Component
fortisandbox
Fixed in
4.4.1
4.2.5
4.0.7
3.2.5
3.1.6
3.0.8
CVE-2023-41836 describes a cross-site scripting (XSS) vulnerability within the FortiSandbox web interface. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized code execution. The vulnerability impacts FortiSandbox versions ranging from 3.0.4 through 4.4.0. A fix is available from Fortinet.
Successful exploitation of CVE-2023-41836 allows an attacker to inject arbitrary JavaScript code into the FortiSandbox web interface. This code can then be executed in the context of a user's browser, potentially enabling the attacker to steal session cookies, redirect users to malicious websites, or deface the web interface. The impact is primarily focused on compromising user accounts with access to the FortiSandbox management console. While the CVSS score is LOW, the potential for privilege escalation and data theft warrants immediate attention, especially in environments where the FortiSandbox console is accessible from untrusted networks.
CVE-2023-41836 was publicly disclosed on October 13, 2023. While no active exploitation campaigns have been publicly reported, the ease of XSS exploitation means it remains a potential target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it likely that such exploits will emerge.
Exploit Status
EPSS
0.09% (26% percentile)
CVSS Vector
The primary mitigation for CVE-2023-41836 is to upgrade to a patched version of FortiSandbox. Fortinet has released updates to address this vulnerability; refer to the official advisory for specific version details. As a temporary workaround, consider implementing strict input validation and output encoding within the FortiSandbox web interface to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide an additional layer of protection. Regularly review FortiSandbox configuration for any unusual activity or unauthorized modifications.
Update FortiSandbox to an unaffected version. See the Fortinet advisory for more details and specific upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-41836 is a cross-site scripting vulnerability in Fortinet FortiSandbox versions 3.0.4–4.4.0, allowing attackers to inject malicious scripts.
If you are running FortiSandbox versions 3.0.4 through 4.4.0, you are potentially affected by this vulnerability. Check the official advisory for details.
Upgrade to a patched version of FortiSandbox as recommended by Fortinet. Refer to the official advisory for specific version details.
While no active exploitation campaigns have been publicly reported, the vulnerability's nature makes it a potential target.
Refer to the Fortinet Security Advisory for details: [https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2023-41836](https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2023-41836)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.