Lucene search

[email protected]NVD:CVE-2022-30305

HistoryDec 06, 2022 - 5:15 p.m.

CVE-2022-30305

2022-12-0617:15:10

CWE-778

CWE-307

[email protected]

web.nvd.nist.gov

insufficient logging

fortisandbox

fortideceptor

vulnerability

remote attacker

incorrect credentials

authentication attempts

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

50.4%

JSON

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

Affected configurations

Nvd

Node

fortinetfortideceptorRange3.0.0–3.0.2

fortinetfortideceptorRange3.2.0–3.2.2

fortinetfortideceptorRange3.3.0–3.3.3

fortinetfortideceptorRange4.0.0–4.0.2

fortinetfortideceptorMatch3.1.0

fortinetfortideceptorMatch3.1.1

fortinetfortideceptorMatch4.1.0

fortinetfortideceptorMatch4.1.1

fortinetfortideceptorMatch4.2.0

fortinetfortisandboxRange3.1.0–3.1.5

fortinetfortisandboxRange4.0.0–4.0.2

fortinetfortisandboxMatch3.2.0

fortinetfortisandboxMatch3.2.1

fortinetfortisandboxMatch3.2.2

fortinetfortisandboxMatch3.2.3

VendorProductVersionCPE
fortinetfortideceptor*cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*
fortinetfortideceptor3.1.0cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*
fortinetfortideceptor3.1.1cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*
fortinetfortideceptor4.1.0cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*
fortinetfortideceptor4.1.1cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*
fortinetfortideceptor4.2.0cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*
fortinetfortisandbox*cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*
fortinetfortisandbox3.2.0cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*
fortinetfortisandbox3.2.1cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*
fortinetfortisandbox3.2.2cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortideceptor	*	cpe:2.3:a:fortinet:fortideceptor::::::::
fortinet	fortideceptor	3.1.0	cpe:2.3:a:fortinet:fortideceptor:3.1.0:::::::*
fortinet	fortideceptor	3.1.1	cpe:2.3:a:fortinet:fortideceptor:3.1.1:::::::*
fortinet	fortideceptor	4.1.0	cpe:2.3:a:fortinet:fortideceptor:4.1.0:::::::*
fortinet	fortideceptor	4.1.1	cpe:2.3:a:fortinet:fortideceptor:4.1.1:::::::*
fortinet	fortideceptor	4.2.0	cpe:2.3:a:fortinet:fortideceptor:4.2.0:::::::*
fortinet	fortisandbox	*	cpe:2.3:a:fortinet:fortisandbox::::::::
fortinet	fortisandbox	3.2.0	cpe:2.3:a:fortinet:fortisandbox:3.2.0:::::::*
fortinet	fortisandbox	3.2.1	cpe:2.3:a:fortinet:fortisandbox:3.2.1:::::::*
fortinet	fortisandbox	3.2.2	cpe:2.3:a:fortinet:fortisandbox:3.2.2:::::::*

Rows per page:

1-10 of 111

References

fortiguard.com/psirt/FG-IR-21-170

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

50.4%

JSON

Related for NVD:CVE-2022-30305

cvelist1 cve1 fortinet1 prion1