An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
References
History

Tue, 22 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2022-12-06T16:00:54.500Z

Updated: 2024-10-22T20:51:37.602Z

Reserved: 2022-05-06T12:09:27.625Z

Link: CVE-2022-30305

cve-icon Vulnrichment

Updated: 2024-08-03T06:48:36.289Z

cve-icon NVD

Status : Modified

Published: 2022-12-06T17:15:10.660

Modified: 2024-11-21T07:02:32.330

Link: CVE-2022-30305

cve-icon Redhat

No data.