A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NFortinet FortiOS
OSFortinet7.2.06.0.0 – 6.0.167.0.0 – 7.0.8 (bez)6.4.0 – 6.4.116.2.0 – 6.2.12Fortinet Fortiproxy
APPFortinet7.2.07.2.11.1.0 – 1.1.67.0.0 – 7.0.8 (bez)2.0.0 – 2.0.111.2.0 – 1.2.13
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Firewall
Related vulnerabilities
CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
CVE-2024-55591CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin
CVE-2024-23113CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager
CVE-2024-21762CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Out-of-bounds write w Fortinet FortiOS i FortiProxy — RCE bez uwierzytelnienia