{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:45:32.704","vulnerabilities":[{"cve":{"id":"CVE-2023-41682","sourceIdentifier":"psirt@fortinet.com","published":"2023-10-13T15:15:44.123","lastModified":"2026-01-14T14:16:08.510","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4 all versions allows attacker to denial of service via crafted http requests."},{"lang":"es","value":"Una limitación inadecuada de un nombre de ruta a un directorio restringido (\"path traversal\") en Fortinet FortiSandbox versión 4.4.0 y 4.2.0 a 4.2.5 y 4.0.0 a 4.0.3 y 3.2.0 a 3.2.4 y 2.5. 0 a 2.5.2 y 2.4.1 y 2.4.0 permiten al atacante denegar el servicio a través de solicitudes HTTP manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndIncluding":"2.4.1","matchCriteriaId":"35A16A53-EF93-4AA5-BED7-4306B6114E7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndIncluding":"2.5.2","matchCriteriaId":"BE6821DD-58BA-4E28-AE24-2F121DB60C7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndIncluding":"3.2.4","matchCriteriaId":"16BB4915-1330-45E5-887E-AD97C29F500B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.3","matchCriteriaId":"BDE7AD84-C361-4C18-9655-10698982EB17"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndIncluding":"4.2.5","matchCriteriaId":"4641E869-8B7B-4DD7-89A9-1EA0BCE51C35"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"0CD764B6-2235-4C06-8A0C-AF5889B027F7"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-280","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-23-280","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}