An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-21-170 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2022-12-06T16:00:54.500Z
Updated:
Reserved: 2022-05-06T12:09:27.625Z
Link: CVE-2022-30305
JSON object: View
NVD Information
Status : Modified
Published: 2022-12-06T17:15:10.660
Modified: 2023-11-07T03:47:13.550
Link: CVE-2022-30305
JSON object: View
Redhat Information
No data.