An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-21-170 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
Summary | An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-307 |
Information
Published : 2022-12-06 17:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-30305
Mitre link : CVE-2022-30305
CVE.ORG link : CVE-2022-30305
JSON object : View
Products Affected
fortinet
- fortisandbox
- fortideceptor
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts
NVD-CWE-Other CWE-778Insufficient Logging