CVE-2022-30305

3.6LOW

Key Information:

Vendor: Fortinet
Status: Fortisandbox; Fortideceptor
Vendor: CVE Published:; 6 December 2022

Summary

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

Affected Version(s)

FortiDeceptor 4.2.0

FortiDeceptor 4.1.0 <= 4.1.1

FortiDeceptor 4.0.0 <= 4.0.2

References

https://fortiguard.com/psirt/FG-IR-21-170

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2022
Vulnerability Reserved
May 6, 2022

Collectors

NVD DatabaseMitre Database