CVE-2022-29060
19.07.2022, 14:15
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortiddos | 5.1.0 |
| fortinet | fortiddos | 5.2.0 |
| fortinet | fortiddos | 5.3.0 |
| fortinet | fortiddos | 5.3.1 |
| fortinet | fortiddos | 5.4.0 |
| fortinet | fortiddos | 5.4.1 |
| fortinet | fortiddos | 5.4.2 |
| fortinet | fortiddos | 5.5.0 |
| fortinet | fortiddos | 5.5.1 |
𝑥
= Vulnerable software versions