An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows attacker to execute unauthorized code or commands via CLI.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-23-411 | Vendor Advisory |
| https://fortiguard.com/psirt/FG-IR-23-411 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jan 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows attacker to execute unauthorized code or commands via CLI. |
23 Dec 2024, 14:55
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/psirt/FG-IR-23-411 - Vendor Advisory | |
| CPE | cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* | |
| First Time |
Fortinet
Fortinet fortisandbox |
21 Nov 2024, 08:30
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/psirt/FG-IR-23-411 - |
09 Apr 2024, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-09 15:15
Updated : 2026-01-14 14:16
NVD link : CVE-2023-47540
Mitre link : CVE-2023-47540
CVE.ORG link : CVE-2023-47540
JSON object : View
Products Affected
fortinet
- fortisandbox
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')