8.1

CVE-2022-29060

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiddos Version5.1.0
FortinetFortiddos Version5.2.0
FortinetFortiddos Version5.3.0
FortinetFortiddos Version5.3.1
FortinetFortiddos Version5.4.0
FortinetFortiddos Version5.4.1
FortinetFortiddos Version5.4.2
FortinetFortiddos Version5.5.0
FortinetFortiddos Version5.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.429
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@fortinet.com 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://fortiguard.com/psirt/FG-IR-22-071
Patch
Vendor Advisory