Cryptographic Key Vulnerability in Fortinet's FortiSIEM
CVE-2019-17659

3.6LOW

Key Information:

Vendor: Fortinet
Status: Fortisiem
Vendor: CVE Published:; 17 March 2025

Summary

A vulnerability in FortiSIEM version 5.2.6 involves the use of a hard-coded cryptographic key, which can potentially allow a remote unauthenticated attacker to gain SSH access to the supervisor account under the user 'tunneluser'. This exploitation requires knowledge of the private key, which may be obtained from another installation or firmware image, posing a significant risk to system integrity and security.

Affected Version(s)

FortiSIEM 5.2.6

References

https://fortiguard.fortinet.com/psirt/FG-IR-19-296

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2025
Vulnerability Reserved
Oct 16, 2019