Description
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, and 6.4.9 and below may allow an unauthenticated attacker to perform a man-in-the-middle attack.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- E: X
- RL: Unchanged
- RC: Required
Affected products
- fortinet / Fortinet FortiOS – FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below
References
- VENDOR_ADVISORY: https://fortiguard.com/psirt/FG-IR-22-228