CVE-2022-29054

Published Feb 16, 2023

Last updated a year ago

CVSS low 3.3

Overview

Description: A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.
Source: psirt@fortinet.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 3.3
Impact score: 1.4
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

nvd@nist.gov: NVD-CWE-Other
psirt@fortinet.com: CWE-329

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6BBF05F-4967-4A2E-A8F8-C2086097148B",
            "versionEndIncluding": "1.1.6",
            "versionStartIncluding": "1.1.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33B84D9A-55E3-4146-A55A-ACB507E61B05",
            "versionEndIncluding": "1.2.13",
            "versionStartIncluding": "1.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6607C71D-D434-430A-8DFD-9125381D2D36",
            "versionEndIncluding": "2.0.11",
            "versionStartIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81E60913-FBE9-467B-AB4B-CA85E97527BA",
            "versionEndExcluding": "7.0.8",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5F302F8-482A-4DA9-BDD9-63886B202B52"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91E7F209-D645-48EC-BB5F-E730E55E8EE9"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EA5512D-6EE5-4DF3-A960-C02394F25225",
            "versionEndIncluding": "6.0.16",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20B53FFE-073D-43E9-9D6F-9C86937C0228",
            "versionEndIncluding": "6.2.12",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A87D865A-6411-4807-81D4-6A5C052C03C9",
            "versionEndIncluding": "6.4.11",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE6D1D19-1227-42BE-87A7-E798D60059A5",
            "versionEndExcluding": "7.0.8",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9B87A2A-4C83-448B-8009-AD20214D58CB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References