CVE-2022-30305

Summary

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox4.0.0 <= 4.0.2affected
FortinetFortiSandbox3.2.0 <= 3.2.3affected
FortinetFortiSandbox3.1.0 <= 3.1.5affected
FortinetFortiDeceptor4.2.0affected
FortinetFortiDeceptor4.1.0 <= 4.1.1affected
FortinetFortiDeceptor4.0.0 <= 4.0.2affected
FortinetFortiDeceptor3.3.0 <= 3.3.3affected
FortinetFortiDeceptor3.2.0 <= 3.2.2affected
FortinetFortiDeceptor3.1.0 <= 3.1.1affected
FortinetFortiDeceptor3.0.0 <= 3.0.2affected

Weaknesses

  • CWE-778: Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References