ID

VAR-202302-1415


CVE

CVE-2022-29054


TITLE

fortinet's  FortiProxy  and  FortiOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004468

DESCRIPTION

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. fortinet's FortiProxy and FortiOS Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-29054 // JVNDB: JVNDB-2023-004468 // VULHUB: VHN-420588 // VULMON: CVE-2022-29054

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiproxyscope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:1.1.6

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:2.0.11

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:eqversion:7.2.1

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:gteversion:1.1.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.2.12

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.2.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:1.2.13

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.0.16

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:7.2.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:gteversion:2.0.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:eqversion:7.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.4.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:gteversion:1.2.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:ltversion:7.0.8

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:ltversion:7.0.8

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.4.11

Trust: 1.0

vendor:フォーティネットmodel:fortiosscope:eqversion:6.4.0 to 6.4.11

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion:7.0.0 that's all 7.0.8

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion:7.2.0

Trust: 0.8

vendor:フォーティネットmodel:fortiproxyscope: - version: -

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion:6.0.0 to 6.0.16

Trust: 0.8

vendor:フォーティネットmodel:fortiosscope:eqversion:6.2.0 to 6.2.12

Trust: 0.8

sources: JVNDB: JVNDB-2023-004468 // NVD: CVE-2022-29054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29054
value: LOW

Trust: 1.0

psirt@fortinet.com: CVE-2022-29054
value: LOW

Trust: 1.0

NVD: CVE-2022-29054
value: LOW

Trust: 0.8

CNNVD: CNNVD-202302-1450
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2022-29054
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2022-29054
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004468 // CNNVD: CNNVD-202302-1450 // NVD: CVE-2022-29054 // NVD: CVE-2022-29054

PROBLEMTYPE DATA

problemtype:CWE-329

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004468 // NVD: CVE-2022-29054

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1450

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1450

PATCH

title:FG-IR-22-080url:https://fortiguard.com/psirt/FG-IR-22-080

Trust: 0.8

title:Fortinet FortiOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=226816

Trust: 0.6

sources: JVNDB: JVNDB-2023-004468 // CNNVD: CNNVD-202302-1450

EXTERNAL IDS

db:NVDid:CVE-2022-29054

Trust: 3.4

db:JVNDBid:JVNDB-2023-004468

Trust: 0.8

db:CNNVDid:CNNVD-202302-1450

Trust: 0.6

db:VULHUBid:VHN-420588

Trust: 0.1

db:VULMONid:CVE-2022-29054

Trust: 0.1

sources: VULHUB: VHN-420588 // VULMON: CVE-2022-29054 // JVNDB: JVNDB-2023-004468 // CNNVD: CNNVD-202302-1450 // NVD: CVE-2022-29054

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-080

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-29054

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-29054/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-420588 // VULMON: CVE-2022-29054 // JVNDB: JVNDB-2023-004468 // CNNVD: CNNVD-202302-1450 // NVD: CVE-2022-29054

SOURCES

db:VULHUBid:VHN-420588
db:VULMONid:CVE-2022-29054
db:JVNDBid:JVNDB-2023-004468
db:CNNVDid:CNNVD-202302-1450
db:NVDid:CVE-2022-29054

LAST UPDATE DATE

2024-08-14T14:49:19.175000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-420588date:2023-02-24T00:00:00
db:VULMONid:CVE-2022-29054date:2023-02-16T00:00:00
db:JVNDBid:JVNDB-2023-004468date:2023-10-30T07:30:00
db:CNNVDid:CNNVD-202302-1450date:2023-02-27T00:00:00
db:NVDid:CVE-2022-29054date:2023-11-07T03:45:53.387

SOURCES RELEASE DATE

db:VULHUBid:VHN-420588date:2023-02-16T00:00:00
db:VULMONid:CVE-2022-29054date:2023-02-16T00:00:00
db:JVNDBid:JVNDB-2023-004468date:2023-10-30T00:00:00
db:CNNVDid:CNNVD-202302-1450date:2023-02-16T00:00:00
db:NVDid:CVE-2022-29054date:2023-02-16T19:15:12.263