CVE-2022-22302

A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-20-014 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*

History

18 Jul 2023, 16:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.3
CWE CWE-312
References (MISC) https://fortiguard.com/psirt/FG-IR-20-014 - (MISC) https://fortiguard.com/psirt/FG-IR-20-014 - Vendor Advisory
First Time Fortinet fortiauthenticator
Fortinet fortios
Fortinet
CPE cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*

11 Jul 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-11 09:15

Updated : 2024-02-28 20:13


NVD link : CVE-2022-22302

Mitre link : CVE-2022-22302

CVE.ORG link : CVE-2022-22302


JSON object : View

Products Affected

fortinet

  • fortios
  • fortiauthenticator
CWE
CWE-312

Cleartext Storage of Sensitive Information