CVE-2022-29060

Severity
8.1 HIGH
EPSS
0.5%
top 36.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 19, 2022
Latest update Jul 20, 2022

Description

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.
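The description names the core defect: the API signs JWTs with an HMAC key compiled into the firmware, so the key is identical on every FortiDDoS unit and a token minted with it is valid fleet-wide. The following added example (not Fortinet code, and not the real key, which this page does not disclose) models that attacker scenario with a minimal HS256 implementation: a "device" class that verifies with one shared constant, beside a hardened variant that generates its key on the device itself. The serials, user names and the placeholder key are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def _b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7515 requires for JWS segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """HS256 JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the HS256 signature verifies under `key`, else None.
    The header is deliberately not trusted for the algorithm choice: the verifier
    always recomputes HS256, so an attacker cannot downgrade to alg=none."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    signing_input = f"{header}.{payload}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(payload))


# Vulnerable pattern (CWE-321): one secret baked into the image of every unit.
# Constructed placeholder value, NOT the real FortiDDoS key.
HARDCODED_KEY = b"constructed-placeholder-shared-key"


class VulnerableDevice:
    """Every instance verifies API tokens with the same compiled-in secret."""

    def __init__(self, serial: str):
        self.serial = serial

    def issue_token(self, user: str) -> str:
        return sign_jwt({"sub": user, "dev": self.serial}, HARDCODED_KEY)

    def accept(self, token: str) -> Optional[dict]:
        return verify_jwt(token, HARDCODED_KEY)


class HardenedDevice:
    """Each unit generates its own signing secret on first boot; nothing in the image."""

    def __init__(self, serial: str):
        self.serial = serial
        self._key = secrets.token_bytes(32)

    def issue_token(self, user: str) -> str:
        return sign_jwt({"sub": user, "dev": self.serial}, self._key)

    def accept(self, token: str) -> Optional[dict]:
        return verify_jwt(token, self._key)


def cross_device_forgery(device_cls) -> bool:
    """Attacker model from the CVE: key recovered from device A, token presented to device B.
    Returns True if device B accepts the attacker-minted token."""
    a, b = device_cls("FI-A"), device_cls("FI-B")
    # Extracting A's key: for the vulnerable class it is the constant in the firmware;
    # for the hardened class the same effort yields only A's per-device key.
    stolen_key = HARDCODED_KEY if device_cls is VulnerableDevice else a._key
    forged = sign_jwt({"sub": "admin", "dev": b.serial}, stolen_key)
    return b.accept(forged) is not None


if __name__ == "__main__":
    print("shared hard-coded key, forged token accepted elsewhere:", cross_device_forgery(VulnerableDevice))
    print("per-device key, forged token accepted elsewhere:", cross_device_forgery(HardenedDevice))
```

The practical check for an operator is the second line of that output: after applying the vendor fix, a token issued by one appliance must be rejected by another, which is only possible if the signing material is per-device (or per-deployment) rather than part of the firmware image.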

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVD: fortinet/fortiddos, 9 versions
CVEListV5: fortinet/fortinet_fortiddos, FortiDDoS 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0

Patches

🔴Vulnerability Details

2
GHSA
GHSA-vgx6-62w9-6xwh: A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5... (2022-07-20)
CVEList
CVE-2022-29060: A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5... (2022-07-18)

📋Vendor Advisories

1
Fortinet
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2,... (2022-07-19)
CVE-2022-29060 (HIGH CVSS 8.1) | A use of hard-coded cryptographic k | cvebase.io