Insufficient Logging Vulnerability in FortiSandbox and FortiDeceptor Products
CVE-2022-30305

3.6LOW

Key Information:

Vendor: Fortinet
Status: Fortisandbox; Fortideceptor
Vendor: CVE Published:; 6 December 2022

Summary

An insufficient logging vulnerability exists in specific versions of FortiSandbox and FortiDeceptor that could allow attackers to repeatedly enter incorrect credentials without any log entry being generated. This flaw also permits an unlimited number of failed login attempts, which potentially enables unauthorized access to systems. As a result, it is imperative for users to assess their security posture and implement necessary safeguards to mitigate this risk.

Affected Version(s)

FortiDeceptor 4.2.0

FortiDeceptor 4.1.0 <= 4.1.1

FortiDeceptor 4.0.0 <= 4.0.2

References

https://fortiguard.com/psirt/FG-IR-21-170

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2022
Vulnerability Reserved
May 6, 2022