CVE-2019-6693
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet | FortiGate | 5.6.9 and below | affected |
| Fortinet | FortiGate | 6.0.5 and below | affected |
| Fortinet | FortiGate | 6.2.0 | affected |
Weaknesses
- Information disclosure
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: partial
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.