CVE-2022-30305 Information
Dec 09, 2022
cve
Description
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0 4.1.0 through 4.1.1 4.0.0 through 4.0.2 3.3.0 through 3.3.3 3.2.0 through 3.2.23.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry and with no limit on the number of failed authentication attempts.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
https://fortiguard.com/psirt/FG-IR-21-170
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
7.5
Share on: