← Back

CVE-2019-5593

nvd nist
Published: Jan 23, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.

Affected (3)

Products: Fortinet: Fortios
Fortinet
1 product
Fortios
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortios
Up to 5.6.10
Fortios
From 6.0.0 to 6.0.6
Fortios
Version 6.2.0

Related CWEs

CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

References (2)

Source: psirt@fortinet.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.