CVE-2022-29054

CVE Database · CVE-2022-29054

CVE-2022-29054

· LOWModified

CVSS v3.1

3.3

EPSS

0.17%

Published

Feb 16, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-329

Affected Products (11)

fortinet · fortiproxyvulnerable

fortinet · fortiproxy (up to 7.0.8)vulnerable

fortinet · fortiproxyvulnerable

fortinet · fortiosvulnerable

fortinet · fortios (up to 7.0.8)

References (2)

https://fortiguard.com/psirt/FG-IR-22-080

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-080

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs