CVE-2022-22302: 
FortiOS vulnerability analysis and mitigation

A clear text storage of sensitive information vulnerability (CVE-2022-22302) was discovered affecting FortiGate versions 6.4.0-6.4.1, 6.2.0-6.2.9, 6.0.0-6.0.13, and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0. The vulnerability was initially published on February 16, 2023, and allows local unauthorized parties to access Fortinet private keys used for secure communication with Apple Push Notification and Google Cloud Messaging services (Fortinet Advisory).

The vulnerability is classified as CWE-312 (Cleartext Storage of Sensitive Information). It received a CVSS v3.1 base score of 5.3 (Medium) from Fortinet and 3.3 (Low) from NVD, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability specifically involves the exposure of private keys stored in cleartext on the filesystem that are used for secure communications with push notification services (NVD).

The vulnerability could lead to information disclosure, specifically allowing unauthorized access to Fortinet's private keys used for establishing secure communication with Apple Push Notification and Google Cloud Messaging services. The potentially exposed private keys have been revoked by Fortinet (Fortinet Advisory).

Fortinet has released multiple solutions including upgrading to FortiGate version 6.4.2 or above, FortiOS version 6.2.10 or above, FortiOS version 6.0.14 or above, FortiAuthenticator version 6.2.0 or above, version 6.1.1 or above, or version 6.0.5 or above. A temporary workaround for FortiOS users involves disabling the FTM push service using the commands: 'config system ftm-push' followed by 'set status disable' (Fortinet Advisory).

The vulnerability was responsibly disclosed by independent security researcher Tom Pohl (Fortinet Advisory).