Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
October 17, 2023Rewterz Threat Alert – IcedID Banking Trojan aka BokBot – Active IOCs
October 17, 2023Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
October 17, 2023Rewterz Threat Alert – IcedID Banking Trojan aka BokBot – Active IOCs
October 17, 2023Severity
Medium
Analysis Summary
CVE-2023-41843 CVSS:7.5
Fortinet FortiSandbox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-41836 CVSS:3.5
Fortinet FortiSandbox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-41680 CVSS:7.5
Fortinet FortiSandbox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-41681 CVSS:7.5
Fortinet FortiSandbox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-41682 CVSS:8.1
Fortinet FortiSandbox could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to delete arbitrary files on the system.
Impact
- Cross-Site Scripting
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-41843
- CVE-2023-41836
- CVE-2023-41680
- CVE-2023-41681
- CVE-2023-41682
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiSandbox 3.2.0
- Fortinet FortiSandbox 4.0.0
- Fortinet FortiSandbox 4.2.4
- Fortinet FortiSandbox 3.0.4
- Fortinet FortiSandbox 3.0.7
- Fortinet FortiSandbox 4.4.1
- Fortinet FortiSandbox 3.0.0
- Fortinet FortiSandbox 4.4.0
- Fortinet FortiSandbox 4.2.5
- Fortinet FortiSandbox 4.0.3
- Fortinet FortiSandbox 4.2.0
- Fortinet FortiSandbox 3.1.0
- Fortinet FortiSandbox 2.4.0
- Fortinet FortiSandbox 2.4.1
- Fortinet FortiSandbox 2.5.0
Remediation
Refer to FortiGuard Secuirty Advisory for patch, upgrade or suggested workaround information.