CVE-2019-6693

6.5MEDIUM

Key Information:

Vendor
Fortinet
Status
Fortigate
Vendor
CVE Published:
21 November 2019

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

Affected Version(s)

FortiGate 5.6.9 and below

FortiGate 6.0.5 and below

FortiGate 6.2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-6693
Created by gquere

cve-2019-6693
Created by saladandonionrings

References

https://fortiguard.com/advisory/FG-IR-19-007
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.