PT-2022-6025 · Fortinet · FortiOS
Published: 2022-11-01 · Updated: 2023-08-08
CVE-2022-30307
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiOS versions 7.2.0 and below
FortiOS versions 7.0.6 and below
FortiOS versions 6.4.9 and below
Description
The issue is related to errors in managing the RSA SSH cryptographic key, which may allow a remote attacker to perform a man-in-the-middle (MITM) attack. This could potentially be exploited by an unauthenticated attacker.
Recommendations
For FortiOS versions 7.2.0 and below, update to a version above 7.2.0 to resolve the issue.
For FortiOS versions 7.0.6 and below, update to a version above 7.0.6 to resolve the issue.
For FortiOS versions 6.4.9 and below, update to a version above 6.4.9 to resolve the issue.
As a temporary workaround, consider restricting access to the RSA SSH host key to minimize the risk of exploitation.
Affected Products
FortiOS