← Back to CVEs
CVE-2022-22302
MEDIUM5.3
Description
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/11/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
fortinet:fortiauthenticatorfortinet:fortios
Weaknesses (CWE)
CWE-312CWE-312
References
https://fortiguard.com/psirt/FG-IR-20-014(psirt@fortinet.com)
https://fortiguard.com/psirt/FG-IR-20-014(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.