CVE-2022-45858

CWE-327 — Broken Cryptographic Algorithm4 documents4 sources

Severity

7.4HIGH

EPSS

0.1%

top 71.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortinac

Timeline

PublishedMay 3

Latest updateMay 4

Description

A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages2 packages

▶NVDfortinet/fortinac8.7.0 — 9.1.0+2

▶CVEListV5fortinet/fortinac9.4.0 — 9.4.1+5

🔴Vulnerability Details

GHSA

GHSA-fxjv-92h2-p845: A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9↗2023-05-04

▶

CVEList

CVE-2022-45858: A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9↗2023-05-03

▶

📋Vendor Advisories

Fortinet

A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all...↗2023-05-03

▶