Cryptographic Key Vulnerability in Fortinet's FortiSIEM
CVE-2019-17659

3.6 LOW

Key Information:

Vendor
Fortinet
Status
Vendor
CVE Published:
17 March 2025

Summary

FortiSIEM version 5.2.6 uses a hard-coded cryptographic key, which can potentially allow a remote unauthenticated attacker to gain SSH access to the supervisor account under the user 'tunneluser'. Exploitation requires knowledge of the private key, which may be obtained from another installation or a firmware image. This poses a significant risk to system integrity and security.

Affected Version(s)

FortiSIEM 5.2.6

CVSS V3.1

Score: 3.6
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved