PT-2022-20057 · Fortinet · FortiSandbox, FortiDeceptor
Published 2022-12-06 · Updated 2023-08-08
CVE-2022-30305
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
FortiSandbox versions 3.1.0 through 4.0.2
FortiSandbox versions 3.2.0 through 3.2.3
FortiDeceptor versions 3.0.0 through 4.2.0
Description
An insufficient-logging issue may allow a remote attacker to repeatedly submit incorrect credentials without any log entry being generated, and with no limit on the number of failed authentication attempts.
Recommendations
For FortiSandbox versions 3.1.0 through 4.0.2, update to a version that includes a fix for this issue.
For FortiSandbox versions 3.2.0 through 3.2.3, update to a version that includes a fix for this issue.
For FortiDeceptor versions 3.0.0 through 4.2.0, update to a version that includes a fix for this issue.
As a temporary workaround, consider implementing additional logging measures to monitor authentication attempts until a patch is available.
Restrict access to the affected systems to minimize the risk of exploitation.
Fix
Improper Restriction of Excessive Authentication Attempts
Affected Products
Fortideceptor
Fortisandbox