Unrated severityNVD Advisory· Published Dec 6, 2022· Updated Oct 22, 2024
CVE-2022-30305
CVE-2022-30305
Description
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Affected products
44.0.0 to 4.0.2, 3.2.0 to 3.2.3, 3.1.0 to 3.1.5+ 1 more
- (no CPE)range: 4.0.0 to 4.0.2, 3.2.0 to 3.2.3, 3.1.0 to 3.1.5
- (no CPE)range: 4.0.0
4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1, 3.0.0 through 3.0.2+ 1 more
- (no CPE)range: 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1, 3.0.0 through 3.0.2
- (no CPE)range: 4.2.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.