CVE-2023-47541

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions, FortiSandbox 2.3 all versions, FortiSandbox 2.2 all versions, FortiSandbox 2.1 all versions, FortiSandbox 2.0 all versions allows attacker to execute unauthorized code or commands via CLI.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-23-416	Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-416	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortisandbox::::::::
	cpe:2.3:a:fortinet:fortisandbox::::::::

History

14 Jan 2026, 15:15

Type	Values Removed	Values Added
Summary	(en) An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows attacker to execute unauthorized code or commands via CLI.	(en) An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions, FortiSandbox 2.3 all versions, FortiSandbox 2.2 all versions, FortiSandbox 2.1 all versions, FortiSandbox 2.0 all versions allows attacker to execute unauthorized code or commands via CLI.

23 Dec 2024, 14:57

Type	Values Removed	Values Added
First Time		Fortinet Fortinet fortisandbox
References	~~() https://fortiguard.com/psirt/FG-IR-23-416 -~~	() https://fortiguard.com/psirt/FG-IR-23-416 - Vendor Advisory
CPE		cpe:2.3:a:fortinet:fortisandbox::::::::

21 Nov 2024, 08:30

Type	Values Removed	Values Added
References	~~() https://fortiguard.com/psirt/FG-IR-23-416 -~~	() https://fortiguard.com/psirt/FG-IR-23-416 -

09 Apr 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 15:15

Updated : 2026-01-14 15:15

NVD link : CVE-2023-47541

Mitre link : CVE-2023-47541

CVE.ORG link : CVE-2023-47541

JSON object : View

Products Affected

fortinet

fortisandbox

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.7 /10