Missing Required Cryptographic Step in FortiOS - CVE-2022-29053
Published: September 6, 2022
Vulnerability identifier: #VU67033
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-29053
CWE-ID: CWE-325
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fortinet, Inc
Affected software: FortiOS
Detailed vulnerability description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to an unspecified error in the functions that encrypt keytab files in FortiOS. An attacker with access to the encrypted file can decrypt it.
How to mitigate CVE-2022-29053
Install updates from the vendor's website.