ID

VAR-202209-0252


CVE

CVE-2022-29053


TITLE

fortinet's  FortiOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019307

DESCRIPTION

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. fortinet's FortiOS Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-29053 // JVNDB: JVNDB-2022-019307 // VULHUB: VHN-420587

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:gteversion:6.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:7.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.0.14

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.4.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.4.9

Trust: 1.0

vendor:fortinetmodel:fortiosscope:ltversion:7.0.6

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.2.11

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:7.0.0

Trust: 1.0

vendor:フォーティネットmodel:fortiosscope:eqversion:7.0.0 that's all 7.0.6

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion:6.4.0 to 6.4.9

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion:6.0.0 to 6.0.14

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion:7.2.0

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion:6.2.0 to 6.2.11

Trust: 0.8

sources: JVNDB: JVNDB-2022-019307 // NVD: CVE-2022-29053

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29053
value: LOW

Trust: 1.0

psirt@fortinet.com: CVE-2022-29053
value: LOW

Trust: 1.0

NVD: CVE-2022-29053
value: LOW

Trust: 0.8

CNNVD: CNNVD-202209-223
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2022-29053
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-29053
baseSeverity: LOW
baseScore: 2.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-29053
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019307 // CNNVD: CNNVD-202209-223 // NVD: CVE-2022-29053 // NVD: CVE-2022-29053

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019307 // NVD: CVE-2022-29053

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-223

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-223

PATCH

title:FG-IR-22-158url:https://fortiguard.com/psirt/FG-IR-22-158

Trust: 0.8

title:Fortinet FortiOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207176

Trust: 0.6

sources: JVNDB: JVNDB-2022-019307 // CNNVD: CNNVD-202209-223

EXTERNAL IDS

db:NVDid:CVE-2022-29053

Trust: 3.3

db:JVNDBid:JVNDB-2022-019307

Trust: 0.8

db:CNNVDid:CNNVD-202209-223

Trust: 0.6

db:VULHUBid:VHN-420587

Trust: 0.1

sources: VULHUB: VHN-420587 // JVNDB: JVNDB-2022-019307 // CNNVD: CNNVD-202209-223 // NVD: CVE-2022-29053

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-158

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-29053

Trust: 0.8

url:https://vigilance.fr/vulnerability/fortios-no-encryption-via-keytab-files-39199

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-29053/

Trust: 0.6

sources: VULHUB: VHN-420587 // JVNDB: JVNDB-2022-019307 // CNNVD: CNNVD-202209-223 // NVD: CVE-2022-29053

SOURCES

db:VULHUBid:VHN-420587
db:JVNDBid:JVNDB-2022-019307
db:CNNVDid:CNNVD-202209-223
db:NVDid:CVE-2022-29053

LAST UPDATE DATE

2024-08-14T14:49:38.806000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-420587date:2022-09-09T00:00:00
db:JVNDBid:JVNDB-2022-019307date:2023-10-25T05:31:00
db:CNNVDid:CNNVD-202209-223date:2022-09-13T00:00:00
db:NVDid:CVE-2022-29053date:2022-09-09T03:06:48.650

SOURCES RELEASE DATE

db:VULHUBid:VHN-420587date:2022-09-06T00:00:00
db:JVNDBid:JVNDB-2022-019307date:2023-10-25T00:00:00
db:CNNVDid:CNNVD-202209-223date:2022-09-06T00:00:00
db:NVDid:CVE-2022-29053date:2022-09-06T18:15:13.007