CVE-2019-17655

Summary

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiOS and FortiProxyFortiOS 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlieraffected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References