{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-30305", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677", "dateReserved": "2022-05-06T12:09:27.625Z", "datePublished": "2022-12-06T16:00:54.500Z", "dateUpdated": "2024-10-22T20:51:37.602Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.3", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.5", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiDeceptor", "defaultStatus": "unaffected", "versions": [{"version": "4.2.0", "status": "affected"}, {"versionType": "semver", "version": "4.1.0", "lessThanOrEqual": "4.1.1", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.3.0", "lessThanOrEqual": "3.3.3", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.2", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.1", "status": "affected"}, {"versionType": "semver", "version": "3.0.0", "lessThanOrEqual": "3.0.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2022-12-06T16:00:54.500Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-778", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiSandbox version 4.2.1 or above\nPlease upgrade to FortiDeceptor version 4.3.0 or above"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-21-170", "url": "https://fortiguard.com/psirt/FG-IR-21-170"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:36.289Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-21-170", "url": "https://fortiguard.com/psirt/FG-IR-21-170", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T20:18:52.650973Z", "id": "CVE-2022-30305", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:51:37.602Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-21-170", "name": "https://fortiguard.com/psirt/FG-IR-21-170", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:36.289Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-30305", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T20:18:52.650973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:21:09.332Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "FortiSandbox", "versions": [{"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.3"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.5"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiDeceptor", "versions": [{"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.1.0", "versionType": "semver", "lessThanOrEqual": "4.1.1"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}, {"status": "affected", "version": "3.3.0", "versionType": "semver", "lessThanOrEqual": "3.3.3"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.2"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.1"}, {"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiSandbox version 4.2.1 or above\nPlease upgrade to FortiDeceptor version 4.3.0 or above"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-21-170", "name": "https://fortiguard.com/psirt/FG-IR-21-170"}], "descriptions": [{"lang": "en", "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-778", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2022-12-06T16:00:54.500Z"}}}, "cveMetadata": {"cveId": "CVE-2022-30305", "state": "PUBLISHED", "dateUpdated": "2024-10-22T20:51:37.602Z", "dateReserved": "2022-05-06T12:09:27.625Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2022-12-06T16:00:54.500Z", "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "01A6C490-83C0-439C-BC36-157D732F362B", "versionEndIncluding": "3.0.2", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD1D0126-C1C4-4F76-A78F-F0BEC7B3EB0C", "versionEndIncluding": "3.2.2", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "840D39F9-C790-4AF6-9E9D-2299083C008A", "versionEndIncluding": "3.3.3", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "16BF9690-3D39-4FCC-A314-68C17E1E0892", "versionEndIncluding": "4.0.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "67A22BDE-857F-4A92-A027-38C4A6D6144D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5DB5762A-D14A-4F7F-A9DA-1979FFFBF1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "48655ECC-C9A9-4AD9-993B-7B2965E9266F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2CF71B3-7E56-4D31-BE5D-682D553249BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC3F4599-8FB1-40AF-96A9-11B58DE44C95", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C47A3DB-A02A-488D-B0E1-867A19CE43B8", "versionEndIncluding": "3.1.5", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "30CE4EF6-1AC0-49A2-BC7B-43D1B453DC3B", "versionEndIncluding": "4.0.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DDB3490-E30F-45CC-81B7-EFB5C1A60DA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "143DD85B-4CE7-409D-B215-6069D2EF33D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "53070F6A-CC5B-43C9-96F9-2C0930A8D3CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B38F72A-A271-43FE-8FBF-02AB87BA9D47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts."}, {"lang": "es", "value": "Una vulnerabilidad de registro insuficiente [CWE-778] en las versiones 4.0.0 a 4.0.2, 3.2.0 a 3.2.3 y 3.1.0 a 3.1.5 de FortiSandbox y las versiones 4.2.0, 4.1.0 a 4.1.1 de FortiDeceptor. 4.0.0 a 4.0.2, 3.3.0 a 3.3.3, 3.2.0 a 3.2.2, 3.1.0 a 3.1.1 y 3.0.0 a 3.0.2 pueden permitir que un atacante remoto ingrese repetidamente credenciales incorrectas sin generar una entrada de registro y sin l\u00edmite en el n\u00famero de intentos fallidos de autenticaci\u00f3n."}], "id": "CVE-2022-30305", "lastModified": "2024-11-21T07:02:32.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-06T17:15:10.660", "references": [{"source": "psirt@fortinet.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-21-170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-21-170"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-778"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-307"}, {"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}