Headline
CVE-2022-30307: Fortiguard
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man-in-the-middle attack.
**PSIRT Advisories**
FortiOS - RSA SSH host key lost at shutdown
Summary
A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS may allow an unauthenticated attacker to perform a man-in-the-middle attack.
Affected Products
FortiOS version 7.2.0
FortiOS version 7.0.6
FortiOS version 6.4.9
Solutions
Please upgrade to FortiOS version 7.2.2 or above
Please upgrade to FortiOS version 7.0.8 or above
Please upgrade to FortiOS version 6.4.10 or above
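An added example, not part of the Fortinet advisory: a Python triage script that sorts a device inventory against the affected and fixed versions listed above. The names `ADVISORY`, `classify` and `triage` and the sample inventory are assumptions made for illustration; versions between the last affected and first fixed release (such as 7.2.1), and branches the advisory does not name, are reported separately because the text above does not state their status.

```python
# Added example: the version numbers are the ones stated in the advisory text.
ADVISORY = {
    # branch: (highest version stated as affected, first fixed version)
    (7, 2): ((7, 2, 0), (7, 2, 2)),
    (7, 0): ((7, 0, 6), (7, 0, 8)),
    (6, 4): ((6, 4, 9), (6, 4, 10)),
}

def parse_version(text):
    """Turn '7.0.6' or 'v7.0.6' into (7, 0, 6); raise ValueError otherwise."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(text):
    """Classify one FortiOS version string against the advisory's lists."""
    version = parse_version(text)
    entry = ADVISORY.get(version[:2])
    if entry is None:
        return "branch-not-listed"   # advisory names only 7.2, 7.0 and 6.4
    affected_max, fixed = entry
    # Integer tuples compare numerically, so 6.4.10 sorts above 6.4.9.
    if version <= affected_max:
        return "affected"
    if version < fixed:
        return "below-fixed"         # not listed as affected, not yet fixed
    return "fixed"

def triage(inventory):
    """Map hostname -> status for every host not already on a fixed release."""
    return {host: status for host, version in inventory.items()
            if (status := classify(version)) != "fixed"}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fw-edge-1": "v7.2.0",
    "fw-edge-2": "7.2.2",
    "fw-lab": "7.0.7",
    "fw-branch": "6.4.10",
    "fw-old": "6.4.9",
    "fw-new": "7.4.1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {SAMPLE[host]} -> {status}")
```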
Acknowledgement
Fortinet is pleased to thank Samuel Leslie for bringing this issue to our attention under responsible disclosure.