Details of VAR-202404-2098

ID

VAR-202404-2098

CVE

CVE-2023-47540

TITLE

Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2024-20429)

Trust: 0.6

sources: CNVD: CNVD-2024-20429

DESCRIPTION

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device from Fortinet. The device provides dual sandbox technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox has an operating system command injection vulnerability, which is caused by an operating system command injection vulnerability. Attackers can use this vulnerability to execute unauthorized code or commands through the CLI.

Trust: 0.6

sources: CNVD: CNVD-2024-20429

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-20429

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.2.0,<=3.2.4	Trust: 0.6
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.0.0,<=4.0.5	Trust: 0.6
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.2.0,<=4.2.6	Trust: 0.6
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.0.5,<=3.0.7	Trust: 0.6
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.4.0,<=4.4.2	Trust: 0.6

sources: CNVD: CNVD-2024-20429

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2024-20429
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-20429
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2024-20429

PATCH

title:

Patch for Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2024-20429)

url:

https://www.cnvd.org.cn/patchinfo/show/544886

Trust: 0.6

sources: CNVD: CNVD-2024-20429

EXTERNAL IDS

db:	NVD	id:	CVE-2023-47540	Trust: 0.6
db:	CNVD	id:	CNVD-2024-20429	Trust: 0.6

sources: CNVD: CNVD-2024-20429

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-23-411	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-47540/	Trust: 0.6

sources: CNVD: CNVD-2024-20429

SOURCES

db:

CNVD

id:

CNVD-2024-20429

LAST UPDATE DATE

2024-05-01T22:53:25.906000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2024-20429

date:

2024-04-26T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2024-20429

date:

2024-04-25T00:00:00