PT-2024-3549 · Fortinet · FortiSandbox
Published: 2024-04-09 · Updated: 2024-12-23
CVE-2023-47541
CVSS v2.0: 6.8 (Medium)
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
FortiSandbox versions 2.0.0 through 2.0.3
FortiSandbox versions 2.1.0 through 2.1.3
FortiSandbox versions 2.2.0 through 2.2.2
FortiSandbox versions 2.3.0 through 2.3.3
FortiSandbox versions 2.4.0 through 2.4.1
FortiSandbox versions 2.5.0 through 2.5.2
FortiSandbox versions 3.0.0 through 3.0.7
FortiSandbox versions 3.1.0 through 3.1.5
FortiSandbox versions 3.2.0 through 3.2.4
FortiSandbox versions 4.0.0 through 4.0.5
FortiSandbox versions 4.2.0 through 4.2.6
FortiSandbox versions 4.4.0 through 4.4.2
Description:
The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'path traversal', in FortiSandbox. This can allow an attacker to execute unauthorized code or commands via the Command Line Interface (CLI).
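The weakness class named above (a pathname that is not properly confined to a restricted directory) is usually prevented by resolving the final path and checking that it still lies inside the permitted base directory. The following is an added, generic illustration of that check; it is not FortiSandbox code and says nothing about how the product itself handled paths. The base directory `/var/restricted`, the sample relative paths and the temporary directory layout in `symlink_escape_demo` are all constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def is_contained(base_dir, user_path):
    """Return True only if base_dir/user_path, after resolving '..' segments
    and symlinks, still lies inside base_dir.

    Joining a Path with an absolute user_path discards base_dir, so an
    absolute input such as '/etc/passwd' is rejected by the same test.
    """
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
        return True
    except ValueError:
        return False


def naive_is_contained(base_dir, user_path):
    """Lexical-only check, shown for contrast: normpath collapses '..'
    but never follows symlinks, so a link inside base_dir that points
    outside it passes this check."""
    base = os.path.normpath(base_dir)
    candidate = os.path.normpath(os.path.join(base_dir, user_path))
    return candidate == base or candidate.startswith(base + os.sep)


def symlink_escape_demo():
    """Build a constructed layout in a temp dir:
        <tmp>/restricted/link -> <tmp>/outside
        <tmp>/outside/secret.txt
    and compare both checks on 'link/secret.txt'."""
    with tempfile.TemporaryDirectory() as tmp:
        restricted = Path(tmp, "restricted")
        restricted.mkdir()
        outside = Path(tmp, "outside")
        outside.mkdir()
        (outside / "secret.txt").write_text("constructed sample data\n")
        (restricted / "link").symlink_to(outside)
        return {
            "naive": naive_is_contained(str(restricted), "link/secret.txt"),
            "resolved": is_contained(str(restricted), "link/secret.txt"),
        }


if __name__ == "__main__":
    for p in ("reports/a.txt", "sub/../ok.txt", "../etc/passwd", "/etc/passwd"):
        print(f"{p!r:20} contained={is_contained('/var/restricted', p)}")
    print("symlink case:", symlink_escape_demo())
```

The comparison in `symlink_escape_demo` is the point of the example: the string-prefix check accepts the symlinked path while the resolved check rejects it, which is why containment should be decided on the resolved path rather than on the text the caller supplied.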
Recommendations:
For FortiSandbox versions 2.0.0 through 2.0.3, update to a version outside of this range.
For FortiSandbox versions 2.1.0 through 2.1.3, update to a version outside of this range.
For FortiSandbox versions 2.2.0 through 2.2.2, update to a version outside of this range.
For FortiSandbox versions 2.3.0 through 2.3.3, update to a version outside of this range.
For FortiSandbox versions 2.4.0 through 2.4.1, update to a version outside of this range.
For FortiSandbox versions 2.5.0 through 2.5.2, update to a version outside of this range.
For FortiSandbox versions 3.0.0 through 3.0.7, update to a version outside of this range.
For FortiSandbox versions 3.1.0 through 3.1.5, update to a version outside of this range.
For FortiSandbox versions 3.2.0 through 3.2.4, update to a version outside of this range.
For FortiSandbox versions 4.0.0 through 4.0.5, update to a version outside of this range.
For FortiSandbox versions 4.2.0 through 4.2.6, update to a version outside of this range.
For FortiSandbox versions 4.4.0 through 4.4.2, update to a version outside of this range.
As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.
Weakness Enumeration: Path traversal
Affected Products: FortiSandbox