CVE-2022-30307

3.9LOW

Key Information:

Vendor: Fortinet
Status: Fortinet FortiOS
Vendor: CVE Published:; 2 November 2022

Summary

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack.

Affected Version(s)

Fortinet FortiOS FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below

References

https://fortiguard.com/psirt/FG-IR-22-228

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
May 6, 2022