Details of VAR-202209-0252

ID

VAR-202209-0252

CVE

CVE-2022-29053

TITLE

fortinet's FortiOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019307

DESCRIPTION

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. fortinet's FortiOS Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-29053 // JVNDB: JVNDB-2022-019307 // VULHUB: VHN-420587

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.0.14	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.4.9	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.0.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.2.11	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.0.0 that's all 7.0.6	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.4.0 to 6.4.9	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.0.0 to 6.0.14	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.2.0	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.2.0 to 6.2.11	Trust: 0.8

sources: JVNDB: JVNDB-2022-019307 // NVD: CVE-2022-29053

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29053
value:	LOW
Trust: 1.0
psirt@fortinet.com:	CVE-2022-29053
value:	LOW
Trust: 1.0
NVD:	CVE-2022-29053
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202209-223
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2022-29053
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2022-29053
baseSeverity:	LOW
baseScore:	2.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29053
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019307 // CNNVD: CNNVD-202209-223 // NVD: CVE-2022-29053 // NVD: CVE-2022-29053

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-019307 // NVD: CVE-2022-29053

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-223

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-223

PATCH

title:	FG-IR-22-158	url:	https://fortiguard.com/psirt/FG-IR-22-158	Trust: 0.8
title:	Fortinet FortiOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207176	Trust: 0.6

sources: JVNDB: JVNDB-2022-019307 // CNNVD: CNNVD-202209-223

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29053	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-019307	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-223	Trust: 0.6
db:	VULHUB	id:	VHN-420587	Trust: 0.1

sources: VULHUB: VHN-420587 // JVNDB: JVNDB-2022-019307 // CNNVD: CNNVD-202209-223 // NVD: CVE-2022-29053

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-158	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29053	Trust: 0.8
url:	https://vigilance.fr/vulnerability/fortios-no-encryption-via-keytab-files-39199	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-29053/	Trust: 0.6

sources: VULHUB: VHN-420587 // JVNDB: JVNDB-2022-019307 // CNNVD: CNNVD-202209-223 // NVD: CVE-2022-29053

SOURCES

db:	VULHUB	id:	VHN-420587
db:	JVNDB	id:	JVNDB-2022-019307
db:	CNNVD	id:	CNNVD-202209-223
db:	NVD	id:	CVE-2022-29053

LAST UPDATE DATE

2024-08-14T14:49:38.806000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420587	date:	2022-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-019307	date:	2023-10-25T05:31:00
db:	CNNVD	id:	CNNVD-202209-223	date:	2022-09-13T00:00:00
db:	NVD	id:	CVE-2022-29053	date:	2022-09-09T03:06:48.650

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420587	date:	2022-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-019307	date:	2023-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202209-223	date:	2022-09-06T00:00:00
db:	NVD	id:	CVE-2022-29053	date:	2022-09-06T18:15:13.007