CVE-2022-30305

ℹ️ low

Summary

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

CVSS Score

3.7

Low

EPSS Score

0.2

Exploit Probability

Published Date

2022-12-06

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 4.0% of all 321,566 vulnerabilities in our database.

#308,694

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Oct 22, 2024

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE IDs (Weakness Types)

CWE-778 CWE-307

📦 Affected Products 15

Vendor	Product	Status	Affected Versions
fortinet	fortisandbox	Affected	≥ 3.1.0 ≤ 3.1.5
fortinet	fortisandbox	Affected	≥ 4.0.0 ≤ 4.0.2
fortinet	fortisandbox	Affected	v3.2.0
fortinet	fortisandbox	Affected	v3.2.1
fortinet	fortisandbox	Affected	v3.2.2
fortinet	fortisandbox	Affected	v3.2.3
fortinet	fortideceptor	Affected	≥ 3.0.0 ≤ 3.0.2
fortinet	fortideceptor	Affected	≥ 3.2.0 ≤ 3.2.2
fortinet	fortideceptor	Affected	≥ 3.3.0 ≤ 3.3.3
fortinet	fortideceptor	Affected	≥ 4.0.0 ≤ 4.0.2
fortinet	fortideceptor	Affected	v3.1.0
fortinet	fortideceptor	Affected	v3.1.1
fortinet	fortideceptor	Affected	v4.1.0
fortinet	fortideceptor	Affected	v4.1.1
fortinet	fortideceptor	Affected	v4.2.0

🔗 References 1

https://fortiguard.com/psirt/FG-IR-21-170

Patch Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-26083	⛔ critical	9.8	0.1	A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, Fo...	2026-05-12
CVE-2026-25690	🔶 medium	4.3	0.1	An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDec...	2026-05-12
CVE-2026-39808	⛔ critical	9.8	0.3	A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F...	2026-04-14
CVE-2026-39812	🔶 medium	4.8	0.0	A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSa...	2026-04-14
CVE-2026-39813	⛔ critical	9.8	0.1	A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4....	2026-04-14
CVE-2025-53608	🔶 medium	4.8	0.0	An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerabi...	2026-03-10

These CVEs affect the same products