Vulnerability Details CVE-2022-30305
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.4%
CVSS Severity
CVSS v3 Score 3.7
Products affected by CVE-2022-30305
-
cpe:2.3:a:fortinet:fortideceptor:3.0.0
-
cpe:2.3:a:fortinet:fortideceptor:3.0.1
-
cpe:2.3:a:fortinet:fortideceptor:3.0.2
-
cpe:2.3:a:fortinet:fortideceptor:3.1.0
-
cpe:2.3:a:fortinet:fortideceptor:3.1.1
-
cpe:2.3:a:fortinet:fortideceptor:3.2.0
-
cpe:2.3:a:fortinet:fortideceptor:3.2.1
-
cpe:2.3:a:fortinet:fortideceptor:3.2.2
-
cpe:2.3:a:fortinet:fortideceptor:3.3.0
-
cpe:2.3:a:fortinet:fortideceptor:3.3.1
-
cpe:2.3:a:fortinet:fortideceptor:3.3.2
-
cpe:2.3:a:fortinet:fortideceptor:3.3.3
-
cpe:2.3:a:fortinet:fortideceptor:4.0.0
-
cpe:2.3:a:fortinet:fortideceptor:4.0.1
-
cpe:2.3:a:fortinet:fortideceptor:4.0.2
-
cpe:2.3:a:fortinet:fortideceptor:4.1.0
-
cpe:2.3:a:fortinet:fortideceptor:4.1.1
-
cpe:2.3:a:fortinet:fortideceptor:4.2.0
-
cpe:2.3:a:fortinet:fortisandbox:3.1.0
-
cpe:2.3:a:fortinet:fortisandbox:3.1.1
-
cpe:2.3:a:fortinet:fortisandbox:3.1.2
-
cpe:2.3:a:fortinet:fortisandbox:3.1.3
-
cpe:2.3:a:fortinet:fortisandbox:3.1.4
-
cpe:2.3:a:fortinet:fortisandbox:3.1.5
-
cpe:2.3:a:fortinet:fortisandbox:3.2.0
-
cpe:2.3:a:fortinet:fortisandbox:3.2.1
-
cpe:2.3:a:fortinet:fortisandbox:3.2.2
-
cpe:2.3:a:fortinet:fortisandbox:3.2.3
-
cpe:2.3:a:fortinet:fortisandbox:4.0.0
-
cpe:2.3:a:fortinet:fortisandbox:4.0.1
-
cpe:2.3:a:fortinet:fortisandbox:4.0.2