CVE-2022-29053: 
FortiOS vulnerability analysis and mitigation

A missing cryptographic steps vulnerability [CWE-325] was identified in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0. This vulnerability was assigned CVE-2022-29053 and was initially published on September 6, 2022 (NVD, Fortinet).

The vulnerability is classified as a missing cryptographic steps issue (CWE-325) affecting the keytab file encryption functions. It received a CVSS v3.1 Base Score of 3.3 (LOW) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N according to NVD, while Fortinet assessed it with a slightly lower score of 2.3 (LOW) with the vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N (NVD).

If exploited, this vulnerability may allow an attacker who has possession of the encrypted file to decipher it, potentially leading to unauthorized access to sensitive information stored in the keytab files (NVD).

The vulnerability affects FortiOS versions 7.2.0, 7.0.0 through 7.0.5, and versions below 7.0.0. Users should upgrade to the latest version of FortiOS that contains the fix for this vulnerability (Fortinet).