Platform
fortinet
Component
fortisandbox
Fixed in
4.4.3
4.2.9
4.0.7
3.2.5
3.1.6
3.0.8
CVE-2023-41844 describes a cross-site scripting (XSS) vulnerability affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.2, as well as older versions 4.2, 4.0, 3.2, 3.1, and 3.0.4 and above. An attacker can exploit this flaw by sending specially crafted HTTP requests to the capture traffic endpoint, potentially leading to the execution of unauthorized code. The vulnerability was published on December 13, 2023, and a fix is available via upgrade.
Successful exploitation of CVE-2023-41844 allows an attacker to inject malicious scripts into web pages viewed by users interacting with the FortiSandbox capture traffic endpoint. This could lead to session hijacking, defacement of the web interface, or the theft of sensitive information. The attacker could potentially gain unauthorized access to the FortiSandbox management interface if users are tricked into executing the malicious script. While the CVSS score is LOW, the potential for user interaction and the sensitive nature of network traffic data make this a concerning vulnerability.
CVE-2023-41844 is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is not widely available at this time. Given the XSS nature of the vulnerability and the potential for easy exploitation, it is possible that attackers may begin targeting vulnerable systems. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
0.44% (63% percentile)
CVSS Vector
The primary mitigation for CVE-2023-41844 is to upgrade FortiSandbox to a patched version. Fortinet has not specified a fixed version in the provided data, so consult the official Fortinet advisory for the latest available fix. As a temporary workaround, consider implementing strict input validation and output encoding on the capture traffic endpoint to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide an additional layer of protection. After upgrading, confirm the fix by attempting to trigger the XSS vulnerability with a known payload and verifying that it is no longer exploitable.
Update FortiSandbox to a version later than the affected versions. See the Fortinet advisory for more details and specific upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-41844 is a cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox versions ≤4.4.2, allowing attackers to execute code via crafted HTTP requests to the capture traffic endpoint.
You are affected if you are using FortiSandbox versions 4.4.0 through 4.4.2, or older versions 4.2, 4.0, 3.2, 3.1, and 3.0.4 and above. Check the Fortinet advisory for a complete list of affected versions.
Upgrade FortiSandbox to a patched version as specified in the official Fortinet advisory. Implement input validation and output encoding as a temporary workaround.
While no active exploitation has been confirmed, the vulnerability's nature suggests potential for exploitation, so vigilance is advised.
Consult the official Fortinet security advisories page for the latest information and patch details regarding CVE-2023-41844.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.