CVE-2019-6693

CVSS 6.5 MEDIUM · EPSS 5.4% · KEV · CWE-798
In short

FortiOS backup files use a hard-coded encryption key that doesn't change, making it possible for anyone with the backup file to decrypt sensitive information like user passwords and private key passphrases.

Technical detail

CVE-2019-6693 stems from the use of a hard-coded cryptographic key to encrypt sensitive fields in FortiOS configuration backups (CWE-798). Because the same key is embedded in every unit, possession of a backup file is enough to recover the protected values: user passwords (the administrator's password is excluded), private-key passphrases and, when set, the High Availability password. No access to the device itself is needed beyond obtaining the file; the attacker needs only the backup and the static key. In practice the exposure is every place a backup is copied to, such as file shares, ticketing systems and e-mail to support, since each copy carries the same decryptable secrets.

Summary generated and translated by AI from the official description.
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
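The following is an added example, not FortiOS code and not its real backup format: a toy model of the failure mode described above, showing a backup whose sensitive fields are encrypted under a key compiled into the product beside the hardened alternative, where the key is derived from an operator-chosen passphrase. The field names, the `PRODUCT_STATIC_KEY` constant, the passphrase, the sample configuration and the cipher are all constructed for illustration; the cipher is a minimal HMAC-SHA256 keystream with an HMAC tag so the script runs with the standard library only (real code would use an AEAD such as AES-GCM).

```python
"""Toy model of the CVE-2019-6693 failure mode (added example, not FortiOS code)."""
import base64
import hashlib
import hmac
import os

# Hypothetical static key compiled into every firmware image.  Anyone who
# extracts it once can read every backup produced by every unit.
PRODUCT_STATIC_KEY = b"example-static-key-baked-into-firmware"

# Fields the backup routine encrypts instead of writing in clear.
SENSITIVE_FIELDS = {"user.alice.password", "vpn.cert.passphrase", "ha.password"}


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks (toy stream cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> str:
    """Encrypt-then-MAC one field; returns base64(nonce || tag || ciphertext)."""
    nonce = os.urandom(16)
    ciphertext = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return base64.b64encode(nonce + tag + ciphertext).decode()


def unseal(key: bytes, token: str) -> bytes:
    """Verify the tag and decrypt; raises ValueError on a wrong key or tampering."""
    raw = base64.b64decode(token)
    nonce, tag, ciphertext = raw[:16], raw[16:48], raw[48:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad key or tampered field")
    return _keystream_xor(key, nonce, ciphertext)


def export_backup(config: dict, key: bytes) -> str:
    """Write a line-oriented backup; sensitive values are encrypted under `key`."""
    lines = []
    for name, value in config.items():
        if name in SENSITIVE_FIELDS:
            lines.append(f"{name} ENC {seal(key, value.encode())}")
        else:
            lines.append(f"{name} {value}")
    return "\n".join(lines)


def recover_secrets(backup: str, key: bytes) -> dict:
    """What someone holding the file and a candidate key can read back."""
    found = {}
    for line in backup.splitlines():
        name, rest = line.split(" ", 1)
        if rest.startswith("ENC "):
            try:
                found[name] = unseal(key, rest[4:]).decode()
            except ValueError:
                pass  # wrong key: this field stays opaque
    return found


def derive_operator_key(passphrase: str, salt: bytes) -> bytes:
    """Hardened variant: the key comes from an operator passphrase, not the firmware."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=32)


def demo():
    # Constructed sample configuration (hypothetical field names and values).
    config = {
        "hostname": "fw-edge-1",
        "user.alice.password": "Summer2019!",
        "vpn.cert.passphrase": "cert-pass-42",
        "ha.password": "ha-secret",
    }
    # Vulnerable export: the key is the one shipped in the product, so the
    # backup file alone is enough to recover every protected value.
    vulnerable_backup = export_backup(config, PRODUCT_STATIC_KEY)
    leaked = recover_secrets(vulnerable_backup, PRODUCT_STATIC_KEY)
    # Hardened export: the key is derived from a passphrase the operator chose,
    # so the file plus the extracted static key recovers nothing.
    salt = os.urandom(16)  # stored next to the backup; it need not be secret
    passphrase = "correct horse battery staple"  # hypothetical operator choice
    hardened_backup = export_backup(config, derive_operator_key(passphrase, salt))
    stolen = recover_secrets(hardened_backup, PRODUCT_STATIC_KEY)
    restored = recover_secrets(hardened_backup, derive_operator_key(passphrase, salt))
    return leaked, stolen, restored


if __name__ == "__main__":
    leaked, stolen, restored = demo()
    print("static key, attacker reads:  ", sorted(leaked))
    print("operator key, attacker reads:", sorted(stolen))
    print("operator key, operator reads:", sorted(restored))
```

The point of the two exports is the trust boundary, not the cipher: with the static key, confidentiality of every backup rests on a secret that is identical across all devices and sits in the firmware for anyone to pull out, so the file is effectively plaintext to a determined attacker. Deriving the key from a per-deployment passphrase means a leaked backup is only as exposed as that passphrase, and the MAC check makes a wrong key fail cleanly rather than produce garbage.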
Affected products
Fortinet · FortiGate
⚠ Public resources: for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
