An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
2022-12-06T17:15:10.660
2024-11-21T07:02:32.330
Modified
CVSSv3.1: 3.7 (LOW)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortideceptor | ≤ 3.0.2 | Yes |
| Application | fortinet | fortideceptor | ≤ 3.2.2 | Yes |
| Application | fortinet | fortideceptor | ≤ 3.3.3 | Yes |
| Application | fortinet | fortideceptor | ≤ 4.0.2 | Yes |
| Application | fortinet | fortideceptor | 3.1.0 | Yes |
| Application | fortinet | fortideceptor | 3.1.1 | Yes |
| Application | fortinet | fortideceptor | 4.1.0 | Yes |
| Application | fortinet | fortideceptor | 4.1.1 | Yes |
| Application | fortinet | fortideceptor | 4.2.0 | Yes |
| Application | fortinet | fortisandbox | ≤ 3.1.5 | Yes |
| Application | fortinet | fortisandbox | ≤ 4.0.2 | Yes |
| Application | fortinet | fortisandbox | 3.2.0 | Yes |
| Application | fortinet | fortisandbox | 3.2.1 | Yes |
| Application | fortinet | fortisandbox | 3.2.2 | Yes |
| Application | fortinet | fortisandbox | 3.2.3 | Yes |