CVE-2023-41844

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 3.0.0 through 3.0.4 Fortinet FortiSandbox versions 3.1.0 through 3.1.5 Fortinet FortiSandbox versions 3.2.0 through 3.2.4 Fortinet FortiSandbox versions 4.0.0 through 4.0.3 Fortinet FortiSandbox versions 4.2.0 through 4.2.5 Fortinet FortiSandbox version 4.4.0 Fortinet FortiSandbox version 4.4.1

Description The issue is related to an improper neutralization of input during web page generation, also known as cross-site scripting, which allows an attacker to execute unauthorized code or commands via crafted HTTP requests in the capture traffic endpoint. This can be exploited by sending specially crafted HTTP requests, potentially leading to unauthorized actions.

Recommendations For Fortinet FortiSandbox versions 3.0.0 through 3.0.4, update to a version that includes the fix for this issue. For Fortinet FortiSandbox versions 3.1.0 through 3.1.5, update to a version that includes the fix for this issue. For Fortinet FortiSandbox versions 3.2.0 through 3.2.4, update to a version that includes the fix for this issue. For Fortinet FortiSandbox versions 4.0.0 through 4.0.3, update to a version that includes the fix for this issue. For Fortinet FortiSandbox versions 4.2.0 through 4.2.5, update to a version that includes the fix for this issue. For Fortinet FortiSandbox version 4.4.0, update to a version that includes the fix for this issue. For Fortinet FortiSandbox version 4.4.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the capture traffic endpoint until a patch is available.