PT-2023-1501 · Fortinet · Fortigate+2

Published: 2023-02-16 · Updated: 2023-07-18 · CVE-2022-22302

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiGate versions 6.0.0 through 6.0.13
FortiGate versions 6.2.0 through 6.2.9
FortiGate versions 6.4.0 through 6.4.1
FortiAuthenticator version 5.5.0
FortiAuthenticator versions 6.0
FortiAuthenticator versions 6.1
Description

A cleartext storage of sensitive information vulnerability may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both the Apple Push Notification and Google Cloud Messaging services, by accessing the files on the filesystem. The potentially exposed private keys have been revoked.
Recommendations

For FortiGate versions 6.0.0 through 6.0.13, upgrade to a newer version that contains a fix for this issue.
For FortiGate versions 6.2.0 through 6.2.9, upgrade to a newer version that contains a fix for this issue.
For FortiGate versions 6.4.0 through 6.4.1, upgrade to a newer version that contains a fix for this issue.
For FortiAuthenticator version 5.5.0, upgrade to a newer version that contains a fix for this issue.
For FortiAuthenticator versions 6.0, upgrade to a newer version that contains a fix for this issue.
For FortiAuthenticator versions 6.1, upgrade to a newer version that contains a fix for this issue.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2023-00923
CVE-2022-22302

Affected Products

Fortiauthenticator
Fortigate
Fortios