CVE-2022-29054 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2022-29054

Modified

More Info Official Page

Source-psirt@fortinet.com

Published At-16 Feb, 2023 | 19:15

Updated At-07 Nov, 2023 | 03:45

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary	3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CPE Matches

>>fortiproxy>>Versions from 1.1.0(inclusive) to 1.1.6(inclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 1.2.0(inclusive) to 1.2.13(inclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 2.0.0(inclusive) to 2.0.11(inclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 7.0.0(inclusive) to 7.0.8(exclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>7.2.0

cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*

>>fortiproxy>>7.2.1

cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*

>>fortios>>Versions from 6.0.0(inclusive) to 6.0.16(inclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 6.2.0(inclusive) to 6.2.12(inclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 6.4.0(inclusive) to 6.4.11(inclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 7.0.0(inclusive) to 7.0.8(exclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>7.2.0

cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-329	Secondary	psirt@fortinet.com

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-329

Type: Secondary

Source: psirt@fortinet.com

References

Hyperlink	Source	Resource
https://fortiguard.com/psirt/FG-IR-22-080	psirt@fortinet.com	Vendor Advisory

Hyperlink: https://fortiguard.com/psirt/FG-IR-22-080

Source: psirt@fortinet.com

Resource:

Vendor Advisory