An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-21-170 |
History
Tue, 22 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-12-06T16:00:54.500Z
Updated: 2024-10-22T20:51:37.602Z
Reserved: 2022-05-06T12:09:27.625Z
Link: CVE-2022-30305
Vulnrichment
Updated: 2024-08-03T06:48:36.289Z
NVD
Status : Modified
Published: 2022-12-06T17:15:10.660
Modified: 2024-11-21T07:02:32.330
Link: CVE-2022-30305
Redhat
No data.