CVE-2022-22302

A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*

History

21 Nov 2024, 06:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.3
v2 : unknown
v3 : 5.3
References () https://fortiguard.com/psirt/FG-IR-20-014 - Vendor Advisory () https://fortiguard.com/psirt/FG-IR-20-014 - Vendor Advisory

18 Jul 2023, 16:25

Type Values Removed Values Added
CWE CWE-312
References (MISC) https://fortiguard.com/psirt/FG-IR-20-014 - (MISC) https://fortiguard.com/psirt/FG-IR-20-014 - Vendor Advisory
CPE cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*
First Time Fortinet fortiauthenticator
Fortinet fortios
Fortinet
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.3

11 Jul 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-11 09:15

Updated : 2024-11-21 06:46


NVD link : CVE-2022-22302

Mitre link : CVE-2022-22302

CVE.ORG link : CVE-2022-22302


JSON object : View

Products Affected

fortinet

  • fortiauthenticator
  • fortios
CWE
CWE-312

Cleartext Storage of Sensitive Information