CVEFinder.io

CVE-2022-22302

🔶 medium
🔍 Scan for this CVE
Summary

A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.

CVSS Score
5.3
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2023-07-11
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.8% of all 326,604 vulnerabilities in our database.

#262,086
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Oct 23, 2024
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-312

📦 Affected Products 7

Vendor Product Status Affected Versions
fortinet fortios Affected
≥ 6.0.0 ≤ 6.0.13
fortinet fortios Affected
≥ 6.2.0 ≤ 6.2.9
fortinet fortios Affected
v6.4.0
fortinet fortios Affected
v6.4.1
fortinet fortiauthenticator Affected
≥ 6.0.0 ≤ 6.0.4
fortinet fortiauthenticator Affected
v5.5.0
fortinet fortiauthenticator Affected
v6.1.0

🔗 References 1

https://fortiguard.com/psirt/FG-IR-20-014
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-53844 ⚠️ high 8.8 0.0 A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 ... 2026-05-12
CVE-2026-44277 ⛔ critical 9.8 0.1 A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticat... 2026-05-12
CVE-2025-53847 🔶 medium 6.5 0.0 A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 thro... 2026-04-14
CVE-2025-55018 🔶 medium 5.8 0.1 An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, Fort... 2026-02-10
CVE-2025-64157 🔶 medium 6.7 0.0 A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 throug... 2026-02-10
CVE-2025-68686 🔶 medium 5.9 0.0 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS ... 2026-02-10
These CVEs affect the same products