CVE-2022-22302

MEDIUM

FortiGate/FortiAuthenticator <6.4.1/6.2.9/<6.0.13 - Info Disclosure

Title source: llm

Description

A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-20-014

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 26.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (6)

fortinet/fortiauthenticator 5.5.0

fortinet/fortiauthenticator 6.1.0

fortinet/fortiauthenticator 6.0.0 - 6.0.4

fortinet/fortios 6.4.0

fortinet/fortios 6.4.1

fortinet/fortios 6.0.0 - 6.0.13

Published Jul 11, 2023

Tracked Since Feb 18, 2026