Details of VAR-202302-1415

ID

VAR-202302-1415

CVE

CVE-2022-29054

TITLE

fortinet's FortiProxy and FortiOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004468

DESCRIPTION

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. fortinet's FortiProxy and FortiOS Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-29054 // JVNDB: JVNDB-2023-004468 // VULHUB: VHN-420588 // VULMON: CVE-2022-29054

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.1.6	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	2.0.11	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.2.12	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lte	version:	1.2.13	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.0.16	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.0.8	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.0.8	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.4.11	Trust: 1.0
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.4.0 to 6.4.11	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.0.0 that's all 7.0.8	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.2.0	Trust: 0.8
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.0.0 to 6.0.16	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.2.0 to 6.2.12	Trust: 0.8

sources: JVNDB: JVNDB-2023-004468 // NVD: CVE-2022-29054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29054
value:	LOW
Trust: 1.0
psirt@fortinet.com:	CVE-2022-29054
value:	LOW
Trust: 1.0
NVD:	CVE-2022-29054
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202302-1450
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2022-29054
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2022-29054
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004468 // CNNVD: CNNVD-202302-1450 // NVD: CVE-2022-29054 // NVD: CVE-2022-29054

PROBLEMTYPE DATA

problemtype:	CWE-329	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-004468 // NVD: CVE-2022-29054

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1450

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1450

PATCH

title:	FG-IR-22-080	url:	https://fortiguard.com/psirt/FG-IR-22-080	Trust: 0.8
title:	Fortinet FortiOS Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226816	Trust: 0.6

sources: JVNDB: JVNDB-2023-004468 // CNNVD: CNNVD-202302-1450

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29054	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004468	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1450	Trust: 0.6
db:	VULHUB	id:	VHN-420588	Trust: 0.1
db:	VULMON	id:	CVE-2022-29054	Trust: 0.1

sources: VULHUB: VHN-420588 // VULMON: CVE-2022-29054 // JVNDB: JVNDB-2023-004468 // CNNVD: CNNVD-202302-1450 // NVD: CVE-2022-29054

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-080	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29054	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-29054/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-420588 // VULMON: CVE-2022-29054 // JVNDB: JVNDB-2023-004468 // CNNVD: CNNVD-202302-1450 // NVD: CVE-2022-29054

SOURCES

db:	VULHUB	id:	VHN-420588
db:	VULMON	id:	CVE-2022-29054
db:	JVNDB	id:	JVNDB-2023-004468
db:	CNNVD	id:	CNNVD-202302-1450
db:	NVD	id:	CVE-2022-29054

LAST UPDATE DATE

2024-08-14T14:49:19.175000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420588	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2022-29054	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004468	date:	2023-10-30T07:30:00
db:	CNNVD	id:	CNNVD-202302-1450	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2022-29054	date:	2023-11-07T03:45:53.387

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420588	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-29054	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004468	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1450	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-29054	date:	2023-02-16T19:15:12.263