Lucene search

[email protected]CVE-2022-30305

HistoryDec 06, 2022 - 5:15 p.m.

CVE-2022-30305

2022-12-0617:15:10

CWE-778

CWE-307

[email protected]

web.nvd.nist.gov

cve-2022-30305

insufficient logging

cwe-778

fortisandbox

fortideceptor

remote attacker

authentication

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.6%

JSON

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

Affected configurations

NVD

Node

fortinetfortideceptorRange3.0.0–3.0.2

fortinetfortideceptorRange3.2.0–3.2.2

fortinetfortideceptorRange3.3.0–3.3.3

fortinetfortideceptorRange4.0.0–4.0.2

fortinetfortideceptorMatch3.1.0

fortinetfortideceptorMatch3.1.1

fortinetfortideceptorMatch4.1.0

fortinetfortideceptorMatch4.1.1

fortinetfortideceptorMatch4.2.0

fortinetfortisandboxRange3.1.0–3.1.5

fortinetfortisandboxRange4.0.0–4.0.2

fortinetfortisandboxMatch3.2.0

fortinetfortisandboxMatch3.2.1

fortinetfortisandboxMatch3.2.2

fortinetfortisandboxMatch3.2.3

CPENameOperatorVersion
fortinet:fortideceptorfortinet fortideceptorle3.0.2
fortinet:fortideceptorfortinet fortideceptorle3.2.2
fortinet:fortideceptorfortinet fortideceptorle3.3.3
fortinet:fortideceptorfortinet fortideceptorle4.0.2
fortinet:fortideceptorfortinet fortideceptoreq3.1.0
fortinet:fortideceptorfortinet fortideceptoreq3.1.1
fortinet:fortideceptorfortinet fortideceptoreq4.1.0
fortinet:fortideceptorfortinet fortideceptoreq4.1.1
fortinet:fortideceptorfortinet fortideceptoreq4.2.0
fortinet:fortisandboxfortinet fortisandboxle3.1.5

CPE	Name	Operator	Version
fortinet:fortideceptor	fortinet fortideceptor	le	3.0.2
fortinet:fortideceptor	fortinet fortideceptor	le	3.2.2
fortinet:fortideceptor	fortinet fortideceptor	le	3.3.3
fortinet:fortideceptor	fortinet fortideceptor	le	4.0.2
fortinet:fortideceptor	fortinet fortideceptor	eq	3.1.0
fortinet:fortideceptor	fortinet fortideceptor	eq	3.1.1
fortinet:fortideceptor	fortinet fortideceptor	eq	4.1.0
fortinet:fortideceptor	fortinet fortideceptor	eq	4.1.1
fortinet:fortideceptor	fortinet fortideceptor	eq	4.2.0
fortinet:fortisandbox	fortinet fortisandbox	le	3.1.5

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiSandbox",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "4.0.0",
        "lessThanOrEqual": "4.0.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.2.0",
        "lessThanOrEqual": "3.2.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.1.0",
        "lessThanOrEqual": "3.1.5",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiDeceptor",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "4.2.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "4.1.0",
        "lessThanOrEqual": "4.1.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "4.0.0",
        "lessThanOrEqual": "4.0.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.3.0",
        "lessThanOrEqual": "3.3.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.2.0",
        "lessThanOrEqual": "3.2.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.1.0",
        "lessThanOrEqual": "3.1.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.0.0",
        "lessThanOrEqual": "3.0.2",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-21-170

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.6%

JSON

Related for CVE-2022-30305

cvelist1 nvd1 prion1 fortinet1