Details of VAR-202212-0577

ID

VAR-202212-0577

CVE

CVE-2022-30305

TITLE

fortinet's FortiDeceptor and FortiSandbox Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023339

DESCRIPTION

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. fortinet's FortiDeceptor and FortiSandbox Exists in unspecified vulnerabilities.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-30305 // JVNDB: JVNDB-2022-023339 // VULHUB: VHN-421799

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortideceptor	scope:	gte	version:	3.2.0	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	lte	version:	4.0.2	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	3.2.3	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	lte	version:	3.0.2	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	3.1.0	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	gte	version:	3.0.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	lte	version:	3.3.3	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	3.1.5	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	fortinet	model:	fortisandbox	scope:	lte	version:	4.0.2	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	gte	version:	3.3.0	Trust: 1.0
vendor:	fortinet	model:	fortideceptor	scope:	lte	version:	3.2.2	Trust: 1.0
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	3.1.0 to 3.1.5	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	4.0.0 to 4.0.2	Trust: 0.8
vendor:	フォーティネット	model:	fortideceptor	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	3.2.3	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	3.2.1	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	3.2.0	Trust: 0.8
vendor:	フォーティネット	model:	fortisandbox	scope:	eq	version:	3.2.2	Trust: 0.8

sources: JVNDB: JVNDB-2022-023339 // NVD: CVE-2022-30305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30305
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2022-30305
value:	LOW
Trust: 1.0
NVD:	CVE-2022-30305
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-2592
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-30305
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2022-30305
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-30305
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023339 // CNNVD: CNNVD-202212-2592 // NVD: CVE-2022-30305 // NVD: CVE-2022-30305

PROBLEMTYPE DATA

problemtype:	CWE-778	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-307	Trust: 1.0
problemtype:	Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]	Trust: 0.8
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023339 // NVD: CVE-2022-30305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2592

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2592

PATCH

title:	FG-IR-21-170	url:	https://www.fortiguard.com/psirt/FG-IR-21-170	Trust: 0.8
title:	Fortinet FortiSandbox Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=216882	Trust: 0.6

sources: JVNDB: JVNDB-2022-023339 // CNNVD: CNNVD-202212-2592

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30305	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-023339	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-2592	Trust: 0.6
db:	VULHUB	id:	VHN-421799	Trust: 0.1

sources: VULHUB: VHN-421799 // JVNDB: JVNDB-2022-023339 // CNNVD: CNNVD-202212-2592 // NVD: CVE-2022-30305

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-21-170	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30305	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-30305/	Trust: 0.6

sources: VULHUB: VHN-421799 // JVNDB: JVNDB-2022-023339 // CNNVD: CNNVD-202212-2592 // NVD: CVE-2022-30305

SOURCES

db:	VULHUB	id:	VHN-421799
db:	JVNDB	id:	JVNDB-2022-023339
db:	CNNVD	id:	CNNVD-202212-2592
db:	NVD	id:	CVE-2022-30305

LAST UPDATE DATE

2024-08-14T13:52:53.754000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-421799	date:	2022-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-023339	date:	2023-11-28T06:40:00
db:	CNNVD	id:	CNNVD-202212-2592	date:	2022-12-09T00:00:00
db:	NVD	id:	CVE-2022-30305	date:	2023-11-07T03:47:13.550

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-421799	date:	2022-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-023339	date:	2023-11-28T00:00:00
db:	CNNVD	id:	CNNVD-202212-2592	date:	2022-12-06T00:00:00
db:	NVD	id:	CVE-2022-30305	date:	2022-12-06T17:15:10.660