CVE-2022-30305 - Vulnerability Details - OpenCVE

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Fortideceptor Fortisandbox

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortideceptor::::::::
	cpe:2.3:a:fortinet:fortideceptor::::::::
	cpe:2.3:a:fortinet:fortideceptor::::::::
	cpe:2.3:a:fortinet:fortideceptor::::::::
	cpe:2.3:a:fortinet:fortideceptor:3.1.0:::::::*
	cpe:2.3:a:fortinet:fortideceptor:3.1.1:::::::*
	cpe:2.3:a:fortinet:fortideceptor:4.1.0:::::::*
	cpe:2.3:a:fortinet:fortideceptor:4.1.1:::::::*
	cpe:2.3:a:fortinet:fortideceptor:4.2.0:::::::*
	cpe:2.3:a:fortinet:fortisandbox::::::::
	cpe:2.3:a:fortinet:fortisandbox::::::::
	cpe:2.3:a:fortinet:fortisandbox:3.2.0:::::::*
	cpe:2.3:a:fortinet:fortisandbox:3.2.1:::::::*
	cpe:2.3:a:fortinet:fortisandbox:3.2.2:::::::*
	cpe:2.3:a:fortinet:fortisandbox:3.2.3:::::::*

No data.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-21-170

History

Tue, 22 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2022-12-06T16:00:54.500Z

Updated: 2024-10-22T20:51:37.602Z

Reserved: 2022-05-06T12:09:27.625Z

Link: CVE-2022-30305

Vulnrichment

Updated: 2024-08-03T06:48:36.289Z

NVD

Status : Modified

Published: 2022-12-06T17:15:10.660

Modified: 2024-11-21T07:02:32.330

Link: CVE-2022-30305

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-30305", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677", "dateReserved": "2022-05-06T12:09:27.625Z", "datePublished": "2022-12-06T16:00:54.500Z", "dateUpdated": "2024-10-22T20:51:37.602Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.3", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.5", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiDeceptor", "defaultStatus": "unaffected", "versions": [{"version": "4.2.0", "status": "affected"}, {"versionType": "semver", "version": "4.1.0", "lessThanOrEqual": "4.1.1", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.3.0", "lessThanOrEqual": "3.3.3", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.2", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.1", "status": "affected"}, {"versionType": "semver", "version": "3.0.0", "lessThanOrEqual": "3.0.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2022-12-06T16:00:54.500Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-778", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiSandbox version 4.2.1 or above\nPlease upgrade to FortiDeceptor version 4.3.0 or above"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-21-170", "url": "https://fortiguard.com/psirt/FG-IR-21-170"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:36.289Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-21-170", "url": "https://fortiguard.com/psirt/FG-IR-21-170", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T20:18:52.650973Z", "id": "CVE-2022-30305", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:51:37.602Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-21-170", "name": "https://fortiguard.com/psirt/FG-IR-21-170", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:36.289Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-30305", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T20:18:52.650973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:21:09.332Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.3"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.5"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiDeceptor", "versions": [{"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.1.0", "versionType": "semver", "lessThanOrEqual": "4.1.1"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}, {"status": "affected", "version": "3.3.0", "versionType": "semver", "lessThanOrEqual": "3.3.3"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.2"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.1"}, {"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiSandbox version 4.2.1 or above\nPlease upgrade to FortiDeceptor version 4.3.0 or above"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-21-170", "name": "https://fortiguard.com/psirt/FG-IR-21-170"}], "descriptions": [{"lang": "en", "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-778", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2022-12-06T16:00:54.500Z"}}}, "cveMetadata": {"cveId": "CVE-2022-30305", "state": "PUBLISHED", "dateUpdated": "2024-10-22T20:51:37.602Z", "dateReserved": "2022-05-06T12:09:27.625Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2022-12-06T16:00:54.500Z", "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "01A6C490-83C0-439C-BC36-157D732F362B", "versionEndIncluding": "3.0.2", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD1D0126-C1C4-4F76-A78F-F0BEC7B3EB0C", "versionEndIncluding": "3.2.2", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "840D39F9-C790-4AF6-9E9D-2299083C008A", "versionEndIncluding": "3.3.3", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "16BF9690-3D39-4FCC-A314-68C17E1E0892", "versionEndIncluding": "4.0.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "67A22BDE-857F-4A92-A027-38C4A6D6144D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5DB5762A-D14A-4F7F-A9DA-1979FFFBF1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "48655ECC-C9A9-4AD9-993B-7B2965E9266F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2CF71B3-7E56-4D31-BE5D-682D553249BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC3F4599-8FB1-40AF-96A9-11B58DE44C95", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C47A3DB-A02A-488D-B0E1-867A19CE43B8", "versionEndIncluding": "3.1.5", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "30CE4EF6-1AC0-49A2-BC7B-43D1B453DC3B", "versionEndIncluding": "4.0.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DDB3490-E30F-45CC-81B7-EFB5C1A60DA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "143DD85B-4CE7-409D-B215-6069D2EF33D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "53070F6A-CC5B-43C9-96F9-2C0930A8D3CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B38F72A-A271-43FE-8FBF-02AB87BA9D47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."}, {"lang": "es", "value": "Una vulnerabilidad de registro insuficiente [CWE-778] en las versiones 4.0.0 a 4.0.2, 3.2.0 a 3.2.3 y 3.1.0 a 3.1.5 de FortiSandbox y las versiones 4.2.0, 4.1.0 a 4.1.1 de FortiDeceptor. 4.0.0 a 4.0.2, 3.3.0 a 3.3.3, 3.2.0 a 3.2.2, 3.1.0 a 3.1.1 y 3.0.0 a 3.0.2 pueden permitir que un atacante remoto ingrese repetidamente credenciales incorrectas sin generar una entrada de registro y sin l\u00edmite en el n\u00famero de intentos fallidos de autenticaci\u00f3n."}], "id": "CVE-2022-30305", "lastModified": "2024-11-21T07:02:32.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-06T17:15:10.660", "references": [{"source": "psirt@fortinet.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-21-170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-21-170"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-778"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-307"}, {"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}