Hard-Coded Cryptographic Key Vulnerability in Fortinet's FortiEDR
CVE-2022-23441

9.1 CRITICAL

Key Information:

Vendor: Fortinet
CVE Published: 6 April 2022

Summary

Fortinet's FortiEDR contains a hard-coded cryptographic key vulnerability. It allows an unauthenticated attacker within the network to impersonate other collectors and forge messages from them. The flaw puts data integrity and trustworthiness at significant risk, because an unauthorized party can manipulate interactions between network components.

Affected Version(s)

Fortinet FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
