CVE-2022-22302

Summary

CVE	CVE-2022-22302
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-07-11 09:15:00 UTC
Updated	2023-11-07 03:43:00 UTC
Description	A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.

Risk And Classification

Problem Types: CWE-312

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Fortinet	Fortiauthenticator	5.5.0	All	All	All
Application	Fortinet	Fortiauthenticator	6.1.0	All	All	All
Application	Fortinet	Fortiauthenticator	All	All	All	All
Operating System	Fortinet	Fortios	6.4.0	All	All	All
Operating System	Fortinet	Fortios	6.4.1	All	All	All
Operating System	Fortinet	Fortios	All	All	All	All
Operating System	Fortinet	Fortios	All	All	All	All

References

Reference	Source	Link	Tags
PSIRT Advisories \| FortiGuard	MISC	fortiguard.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

43980 Fortinet FortiOS Information disclosure Vulnerability (FG-IR-20-014)