Sensitive Information Storage Vulnerability in Fortinet FortiGate and FortiAuthenticator
CVE-2022-22302
5.3MEDIUM
What is CVE-2022-22302?
A vulnerability exists in Fortinet's FortiGate and FortiAuthenticator products, allowing unauthorized local parties to access sensitive private keys stored in plain text. This flaw affects specific versions of FortiGate and FortiAuthenticator, potentially compromising secure communications with services like Apple Push Notification and Google Cloud Messaging. The sensitive information can be retrieved by accessing certain filesystem files, exposing organizations to increased risk of data breaches.
Affected Version(s)
FortiAuthenticator 6.1.0
FortiAuthenticator 6.0.0 <= 6.0.4
FortiAuthenticator 5.5.0