CVE-2022-26115

Summary

A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox4.0.0 <= 4.0.2affected
FortinetFortiSandbox3.2.0 <= 3.2.3affected

Weaknesses

  • CWE-916: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References