CVE-2022-29054

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 6.0.x through 7.2.0

Description A missing cryptographic steps vulnerability in the functions that encrypt the DHCP and DNS keys may allow an attacker in possession of the encrypted key to decipher it. This issue affects the encryption of keys such as ddns-key or n-mhae-key in FortiOS and FortiProxy configuration.

Recommendations For Fortinet FortiOS versions 6.0.x through 7.2.0, consider disabling the encryption functions for DHCP and DNS keys until a patch is available. Restrict access to the configuration files that store the encrypted keys to minimize the risk of exploitation. Avoid using the affected encryption functions for sensitive data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.