CVE-2020-9289

Published: Jun 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

Affected (2)

Products: Fortinet: Fortianalyzer, Fortimanager

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	Up to 6.2.3
Fortinet Fortimanager	Up to 6.2.3

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://fortiguard.com/psirt/FG-IR-19-007

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-19-007

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.