What is CVE-2022-29054?

CVE-2022-29054 is a low-severity vulnerability in Fortinet Fortios, classified under Generation of Predictable IV with CBC Mode. CVSS score: 3.1/10. Published 2023-02-16.

How severe is CVE-2022-29054?

Low severity. CVSS v3 base score is 3.1 out of 10.

Vulnerability in Fortinet Fortios

CVE-2022-29054

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of t…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:X.

Affected products

Fortinet Fortios — versions 7.2.0, 7.0.0, 6.4.0
Fortinet Fortiproxy — versions 7.2.0, 7.0.0, 2.0.0

Weakness classification (CWE)

CWE-329 — Generation of Predictable IV with CBC Mode

References

https://fortiguard.com/psirt/FG-IR-22-080

Frequently asked questions

What is CVE-2022-29054?: CVE-2022-29054 is a low-severity vulnerability in Fortinet Fortios, classified under Generation of Predictable IV with CBC Mode. CVSS score: 3.1/10. Published 2023-02-16.
How severe is CVE-2022-29054?: Low severity. CVSS v3 base score is 3.1 out of 10.