CVE-2022-30305

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

Published: Dec 6, 2022
Updated: Nov 8, 2023
CVE: CVE-2022-30305
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-307

Affected Software
References

Software	From	Fixed in
fortinet / fortideceptor	3.1.0	3.1.0.x
fortinet / fortisandbox	3.2.2	3.2.2.x
fortinet / fortisandbox	3.2.0	3.2.0.x
fortinet / fortisandbox	3.2.1	3.2.1.x
fortinet / fortideceptor	3.1.1	3.1.1.x
fortinet / fortideceptor	4.1.0	4.1.0.x
fortinet / fortideceptor	4.1.1	4.1.1.x
fortinet / fortideceptor	4.2.0	4.2.0.x
fortinet / fortideceptor	3.0.0	3.0.2.x
fortinet / fortideceptor	3.2.0	3.2.2.x
fortinet / fortideceptor	3.3.0	3.3.3.x
fortinet / fortideceptor	4.0.0	4.0.2.x
fortinet / fortisandbox	3.1.0	3.1.5.x
fortinet / fortisandbox	3.2.3	3.2.3.x
fortinet / fortisandbox	4.0.0	4.0.2.x

https://fortiguard.com/psirt/FG-IR-21-170

Vulnerability Database

289,871

CVE-2022-30305