An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NFortinet Fortideceptor
APPFortinet3.1.03.1.14.1.04.1.14.2.03.0.0 – 3.0.23.2.0 – 3.2.23.3.0 – 3.3.34.0.0 – 4.0.2Fortinet Fortisandbox
APPFortinet3.2.03.2.13.2.23.2.33.1.0 – 3.1.54.0.0 – 4.0.2
Related vulnerabilities
Command injection w Fortinet FortiSandbox — dostęp bez uwierzytelnienia
Brak autoryzacji w Fortinet FortiSandbox umożliwia zdalne wykonanie kodu
Command Injection w Fortinet FortiSandbox umożliwiający RCE
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 ...
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79]...