CVE-2022-26115 MEDIUM

CVE-2022-26115

Vendor Fortinet
Product FortiSandbox
Weakness CWE-916
Published February 16, 2023
Last update October 22, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X

What the vulnerability does

01Description

A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.

Key dates

02Disclosure timeline

February 16, 2023 CVE published
October 22, 2024 Record updated