ID

VAR-202212-0577


CVE

CVE-2022-30305


TITLE

Fortinet's FortiDeceptor and FortiSandbox Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023339

DESCRIPTION

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. Fortinet's FortiDeceptor and FortiSandbox contain an unspecified vulnerability. Information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2022-30305 // JVNDB: JVNDB-2022-023339 // VULHUB: VHN-421799

AFFECTED PRODUCTS

vendor: fortinet, model: fortideceptor, scope: gte, version: 3.2.0

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: eq, version: 4.1.1

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: lte, version: 4.0.2

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 3.2.3

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: lte, version: 3.0.2

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.1.0

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: eq, version: 3.1.0

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: eq, version: 4.2.0

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: eq, version: 3.1.1

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: gte, version: 3.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: lte, version: 3.3.3

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.1.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 3.2.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 3.2.2

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 3.2.1

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.0.2

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: eq, version: 4.1.0

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: gte, version: 3.3.0

Trust: 1.0

vendor: fortinet, model: fortideceptor, scope: lte, version: 3.2.2

Trust: 1.0

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.1.0 to 3.1.5

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 4.0.0 to 4.0.2

Trust: 0.8

vendor: Fortinet, model: fortideceptor, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.2.3

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.2.1

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.2.0

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 3.2.2

Trust: 0.8

sources: JVNDB: JVNDB-2022-023339 // NVD: CVE-2022-30305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-30305
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-30305
value: LOW

Trust: 1.0

NVD: CVE-2022-30305
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-2592
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-30305
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-30305
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-30305
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023339 // CNNVD: CNNVD-202212-2592 // NVD: CVE-2022-30305 // NVD: CVE-2022-30305

PROBLEMTYPE DATA

problemtype: CWE-778

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-307

Trust: 1.0

problemtype: Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023339 // NVD: CVE-2022-30305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2592

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2592

PATCH

title: FG-IR-21-170, url: https://www.fortiguard.com/psirt/FG-IR-21-170

Trust: 0.8

title: Fortinet FortiSandbox Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=216882

Trust: 0.6

sources: JVNDB: JVNDB-2022-023339 // CNNVD: CNNVD-202212-2592

EXTERNAL IDS

db: NVD, id: CVE-2022-30305

Trust: 3.3

db: JVNDB, id: JVNDB-2022-023339

Trust: 0.8

db: CNNVD, id: CNNVD-202212-2592

Trust: 0.6

db: VULHUB, id: VHN-421799

Trust: 0.1

sources: VULHUB: VHN-421799 // JVNDB: JVNDB-2022-023339 // CNNVD: CNNVD-202212-2592 // NVD: CVE-2022-30305

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-21-170

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2022-30305

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-30305/

Trust: 0.6

sources: VULHUB: VHN-421799 // JVNDB: JVNDB-2022-023339 // CNNVD: CNNVD-202212-2592 // NVD: CVE-2022-30305

SOURCES

db: VULHUB, id: VHN-421799
db: JVNDB, id: JVNDB-2022-023339
db: CNNVD, id: CNNVD-202212-2592
db: NVD, id: CVE-2022-30305

LAST UPDATE DATE

2024-08-14T13:52:53.754000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-421799, date: 2022-12-08T00:00:00
db: JVNDB, id: JVNDB-2022-023339, date: 2023-11-28T06:40:00
db: CNNVD, id: CNNVD-202212-2592, date: 2022-12-09T00:00:00
db: NVD, id: CVE-2022-30305, date: 2023-11-07T03:47:13.550

SOURCES RELEASE DATE

db: VULHUB, id: VHN-421799, date: 2022-12-06T00:00:00
db: JVNDB, id: JVNDB-2022-023339, date: 2023-11-28T00:00:00
db: CNNVD, id: CNNVD-202212-2592, date: 2022-12-06T00:00:00
db: NVD, id: CVE-2022-30305, date: 2022-12-06T17:15:10.660