Description

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.
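As an added illustration that is not part of this CVE record or of Fortinet's code: a minimal HS256 JWT signer and verifier showing why a signing key shared by every device (CWE-321) lets a token minted on one device validate on any other, and how a per-device random key removes that property. The key values, the two-device model and the claim names are constructed for the example and are not FortiDDoS internals.

```python
import base64
import hashlib
import hmac
import json
import secrets


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_jwt(claims: dict, key: bytes) -> str:
    """Produce a compact HS256 JWT over `claims` with `key`."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes) -> bool:
    """Return True only if the token's HMAC matches under `key` (constant-time compare)."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(expected), sig)


# Constructed stand-in for a key baked into firmware: identical on every unit shipped.
HARD_CODED_KEY = b"constructed-firmware-wide-secret-do-not-reuse"


def cross_device_accepted(shared_key: bool) -> bool:
    """Mint a token on device A and report whether device B accepts it.

    shared_key=True models the vulnerable design (one key everywhere);
    shared_key=False models each device generating its own key at provisioning.
    """
    if shared_key:
        key_a = key_b = HARD_CODED_KEY
    else:
        key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    token = sign_jwt({"sub": "admin", "dev": "A"}, key_a)
    return verify_jwt(token, key_b)
```

With a shared key the admin token from device A verifies on device B, which is the cross-device impact the description states; with per-device keys the same token is rejected, and extracting one unit's key no longer affects any other unit.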

Status: PUBLISHED | Reserved 2022-04-11 | Published 2022-07-18 | Updated 2024-10-25 | Assigner: fortinet

Severity: HIGH 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:U/RC:R)

Problem types

Improper access control

Product status

FortiDDoS 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0: affected

References

fortiguard.com/psirt/FG-IR-22-071

cve.org (CVE-2022-29060)

nvd.nist.gov (CVE-2022-29060)