CVE-2023-48785 — Vulnetix

CVE-2023-48785 PUBLISHED CVSS 8.600000381469727 HIGH

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..

EPSS 0.10% · 26.5th percentile

Risk Scores

CVSS v3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

EPSS Score

0.10%

26.5th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiSandbox	4.4.0, 4.2.1, 4.0.0
fortinet	fortisandbox	4.0.0, 4.2.0, 4.4.0

Timeline

Apr 10, 2024 CVE Published
Mar 14, 2025 Coalition ESS Score
Mar 15, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Apr 11, 2025 EPSS Score
Apr 24, 2025 EPSS Score
May 8, 2025 EPSS Score
May 21, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jun 17, 2025 EPSS Score
Jul 1, 2025 EPSS Score
Jul 14, 2025 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-24-060 advisory
https://www.fortiguard.com/psirt/FG-IR-24-009 advisory
https://www.fortiguard.com/psirt/FG-IR-23-419 advisory
https://www.fortiguard.com/psirt/FG-IR-23-454 advisory
https://www.fortiguard.com/psirt/FG-IR-23-224 advisory
https://www.fortiguard.com/psirt/FG-IR-23-345 advisory
https://www.fortiguard.com/psirt/FG-IR-23-416 advisory
https://www.fortiguard.com/psirt/FG-IR-23-411 advisory
https://www.fortiguard.com/psirt/FG-IR-23-288 advisory
https://www.fortiguard.com/psirt/FG-IR-23-413 advisory
https://www.fortiguard.com/psirt/FG-IR-23-087 advisory
https://www.fortiguard.com/psirt/FG-IR-23-489 advisory
https://www.fortiguard.com/psirt/FG-IR-23-493 advisory
https://fortiguard.com/psirt/FG-IR-23-489 url

Open in Interactive Console →