
CVE-2022-29054: Fortiguard

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.


**PSIRT Advisories**

FortiOS / FortiProxy - Flaws over DHCP and DNS keys encryption scheme

Summary

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys (ddns-key or n-mhae-key) in FortiOS & FortiProxy may allow an attacker in possession of the encrypted key to decipher it.

Affected Products

FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.7
FortiOS version 6.4.0 all versions
FortiOS version 6.2.0 all versions

FortiProxy version 7.2.0 through 7.2.1
FortiProxy version 7.0.0 through 7.0.7
FortiProxy version 2.0 all versions
FortiProxy version 1.2 all versions
FortiProxy version 1.1 all versions

Solutions

Please upgrade to FortiOS version 7.2.1 or above
Please upgrade to FortiOS version 7.0.8 or above
Please upgrade to FortiProxy version 7.2.2 or above
Please upgrade to FortiProxy version 7.0.8 or above

Acknowledgement

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.
