Cryptographic Key Vulnerability in Fortinet's FortiSIEM
CVE-2019-17659
3.6LOW
Summary
A vulnerability in FortiSIEM version 5.2.6 involves the use of a hard-coded cryptographic key, which can potentially allow a remote unauthenticated attacker to gain SSH access to the supervisor account under the user 'tunneluser'. This exploitation requires knowledge of the private key, which may be obtained from another installation or firmware image, posing a significant risk to system integrity and security.
Affected Version(s)
FortiSIEM 5.2.6
References
CVSS V3.1
Score:
3.6
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved