FG-IR-22-228: RSA SSH host key lost at shutdown
First published: Tue Nov 01 2022(Updated: )
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS may allow an unauthenticated attacker to perform a man in the middle attack.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FortiOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of FG-IR-22-228?
The severity of FG-IR-22-228 is typically classified as critical due to its potential for exploitation in man-in-the-middle attacks.
How do I fix FG-IR-22-228?
To fix FG-IR-22-228, ensure that you update your FortiOS to the latest version that addresses the key management error vulnerability.
Who is affected by FG-IR-22-228?
Organizations using FortiOS that rely on RSA SSH host keys are susceptible to FG-IR-22-228.
What type of attack does FG-IR-22-228 allow?
FG-IR-22-228 allows unauthenticated attackers to perform man-in-the-middle attacks due to a key management error.
What CVE ID relates to FG-IR-22-228?
FG-IR-22-228 does not have a linked CVE ID, but it falls under the Common Weakness Enumeration category CWE-320.
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2022-30307
- collector/fortiguard-psirt
- agent/last-modified-date
- agent/severity
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortios