vulnerability

Fortinet FortiOS: CVE-2022-29054: Flaws over DHCP and DNS keys encryption scheme

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:P/I:N/A:N)

Published

Feb 16, 2023

Added

Feb 27, 2023

Modified

Jun 23, 2026

Description

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys (ddns-key or n-mhae-key) in FortiOS & FortiProxy configuration may allow an attacker in possession of the encrypted key to decipher it.

Solution

fortios-upgrade-latest

References

https://www.fortiguard.com/psirt/FG-IR-22-080
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-33467
CVE-2022-29054
https://attackerkb.com/topics/CVE-2022-29054
CWE-329
EUVD-EUVD-2022-33467

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report