CVE-2022-29060

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-071 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*

Information

Published : 2022-07-19 02:15

Updated : 2022-07-27 12:50


NVD link : CVE-2022-29060

Mitre link : CVE-2022-29060

Products Affected
No products.
CWE