Information disclosure

2023-02-1619:15:00

PRIOn knowledge base

www.prio-n.com

information disclosure

cryptographic steps

vulnerability

fortinet fortios

version 7.2.0

version 7.0.0

version 6.4.0

version 6.2.x

version 6.0.x

dhcp

dns

keys

attacker

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.

CPENameOperatorVersion
fortioseq7.2.0
fortiosge6.2.0
fortiosle6.2.12
fortiosge6.0.0
fortiosle6.0.16
fortiosge6.4.0
fortiosle6.4.11
fortiosge7.0.0
fortioslt7.0.8
fortiproxyge1.1.0