CVE-2022-29060
Summary
| CVE | CVE-2022-29060 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-19 14:15:00 UTC |
| Updated | 2022-07-27 12:50:00 UTC |
| Description | A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device. |
Risk And Classification
Problem Types: CWE-798
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fortinet | Fortiddos | 5.1.0 | All | All | All |
| Application | Fortinet | Fortiddos | 5.2.0 | All | All | All |
| Application | Fortinet | Fortiddos | 5.3.0 | All | All | All |
| Application | Fortinet | Fortiddos | 5.3.1 | All | All | All |
| Application | Fortinet | Fortiddos | 5.4.0 | All | All | All |
| Application | Fortinet | Fortiddos | 5.4.1 | All | All | All |
| Application | Fortinet | Fortiddos | 5.4.2 | All | All | All |
| Application | Fortinet | Fortiddos | 5.5.0 | All | All | All |
| Application | Fortinet | Fortiddos | 5.5.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PSIRT Advisories (FortiGuard) | CONFIRM | fortiguard.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.