CVE-2022-29060


A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.


Published

2022-07-19T14:15:08.603

Last Modified

2024-11-21T06:58:25.680

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses
  • Type: Primary
    CWE-798

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiddos | 5.1.0 | Yes |
| Application | fortinet | fortiddos | 5.2.0 | Yes |
| Application | fortinet | fortiddos | 5.3.0 | Yes |
| Application | fortinet | fortiddos | 5.3.1 | Yes |
| Application | fortinet | fortiddos | 5.4.0 | Yes |
| Application | fortinet | fortiddos | 5.4.1 | Yes |
| Application | fortinet | fortiddos | 5.4.2 | Yes |
| Application | fortinet | fortiddos | 5.5.0 | Yes |
| Application | fortinet | fortiddos | 5.5.1 | Yes |

References