CVE-2019-6693

Published: Nov 21, 2019Modified: Oct 24, 2025CISA KEV

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

Affected (3)

Products: Fortinet: Fortios

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	Up to 5.6.10
Fortinet Fortios	From 6.0.0 to 6.0.6
Fortinet Fortios	Version 6.2.0

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (3)

https://fortiguard.com/advisory/FG-IR-19-007

Source: psirt@fortinet.com

MitigationVendor Advisory

https://fortiguard.com/advisory/FG-IR-19-007

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6693

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.