CVE-2022-30305
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
| Software | From | Fixed in |
|---|---|---|
| fortinet / fortideceptor | 3.1.0 | 3.1.0.x |
| fortinet / fortisandbox | 3.2.2 | 3.2.2.x |
| fortinet / fortisandbox | 3.2.0 | 3.2.0.x |
| fortinet / fortisandbox | 3.2.1 | 3.2.1.x |
| fortinet / fortideceptor | 3.1.1 | 3.1.1.x |
| fortinet / fortideceptor | 4.1.0 | 4.1.0.x |
| fortinet / fortideceptor | 4.1.1 | 4.1.1.x |
| fortinet / fortideceptor | 4.2.0 | 4.2.0.x |
| fortinet / fortideceptor | 3.0.0 | 3.0.2.x |
| fortinet / fortideceptor | 3.2.0 | 3.2.2.x |
| fortinet / fortideceptor | 3.3.0 | 3.3.3.x |
| fortinet / fortideceptor | 4.0.0 | 4.0.2.x |
| fortinet / fortisandbox | 3.1.0 | 3.1.5.x |
| fortinet / fortisandbox | 3.2.3 | 3.2.3.x |
| fortinet / fortisandbox | 4.0.0 | 4.0.2.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime