CVE-2022-22302 - Fortinet FortiGate and FortiAuthenticator Clear Text Storage of Sensitive Information Vulnerability

A vulnerability (CVE-2022-22302) has been discovered in Fortinet's FortiGate and FortiAuthenticator devices, which could potentially allow a local, unauthorized individual to access sensitive information. Specifically, the flaw lies within the Clear Text Storage of Sensitive Information (CWE-312) for versions 6.4. through 6.4.1, 6.2. through 6.2.9, and 6.. through 6..13 of FortiGate, as well as version 5.5. and all versions of 6.1 and 6. of FortiAuthenticator. This vulnerability enables an attacker to access and retrieve private keys that are used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, thereby compromising the system's security.

Affected Versions

* FortiGate: 6.4. - 6.4.1, 6.2. - 6.2.9 and 6.. - 6..13
* FortiAuthenticator: 5.5. and all versions of 6. and 6.1

Exploit Details

To exploit this vulnerability, an attacker would need local access to the device's file system. By gaining access to the file system, the attacker can retrieve private keys stored in plain text format, which may be used to establish a secure communication with Apple Push Notification and Google Cloud Messaging services.

The following code snippet shows an example of the sensitive information that would be exposed in a file system where this vulnerability is present:

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9wBAQEFAASCBKgwggSkAgEAAoIBAQDWvlNU1tBArgLn
[...]
Gz6scxki6xzocNYfFBx7O4JKk=
-----END PRIVATE KEY-----

Accessing this private key stored in clear text format could allow the attacker to intercept and manipulate communication between the device and the aforementioned services. It could also potentially provide unauthorized access to any integrated third-party apps relying on these services.

For more details about the vulnerability and possible mitigations, refer to the following resources

1. Fortinet's Security Advisory regarding this vulnerability: [FG-IR-20-045]( https://www.fortiguard.com/ir/FG-IR-20-045)
2. Official CVE-2022-22302 entry in Mitre's CVE database
3. CWE-312: Clear Text Storage of Sensitive Information: Common Weakness Enumeration - CWE-312

Recommendations

To safeguard against this vulnerability, users of FortiGate and FortiAuthenticator devices should apply the appropriate updates provided by Fortinet. Additionally, it is crucial to implement proper security measures:

1. Limit physical and logical access to the filesystem by implementing strict access controls and using secure passwords.

Consider using encrypted storage facilities for securing sensitive information such as private keys.

By taking these critical security precautions, users of FortiGate and FortiAuthenticator devices can better understand and mitigate the potential risks posed by CVE-2022-22302 and protect their networks, devices, and applications from unauthorized access.

Timeline

Published on: 07/11/2023 09:15:09 UTC
Last modified on: 11/07/2023 03:43:51 UTC