CVE-2022-29053

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-22-158	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios::::::::
	cpe:2.3:o:fortinet:fortios:7.2.0:::::::*

History

No history.

Information

Published : 2022-09-06 18:15

Updated : 2022-09-09 03:06

NVD link : CVE-2022-29053

Mitre link : CVE-2022-29053

CVE.ORG link : CVE-2022-29053

JSON object : View

Products Affected

fortinet

fortios

CWE

NVD-CWE-Other

{"id": "CVE-2022-29053", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.8}]}, "published": "2022-09-06T18:15:13.007", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-158", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it."}, {"lang": "es", "value": "Una vulnerabilidad de pasos criptogr\u00e1ficos faltantes [CWE-325] en las funciones que cifran los archivos keytab en FortiOS versiones 7.2.0, 7.0.0 hasta 7.0.5 y anteriores a 7.0.0, puede permitir a un atacante en posesi\u00f3n del archivo cifrado descifrarlo."}], "lastModified": "2022-09-09T03:06:48.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A857126-D7EE-4CB4-BCAA-68D6C4FEC3E4", "versionEndIncluding": "6.0.14", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E417AB31-3C1E-47C9-941B-36026B4379E8", "versionEndIncluding": "6.2.11", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA09A86A-A8BE-45F7-96C8-747C5DB658C5", "versionEndIncluding": "6.4.9", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "103E0368-0675-4511-95BF-D5CCD67BBAA5", "versionEndExcluding": "7.0.6", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9B87A2A-4C83-448B-8009-AD20214D58CB"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}