Overview
- Description
- Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-798
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBDD29F8-B339-4C3B-AF3F-77BB3D323D1D",
"versionEndIncluding": "5.6.10"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FA4CED9-EAB9-4FE4-B058-CC4D3E03C520",
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72C437B7-75F8-4DDC-9670-19E2C21ACB27"
}
],
"operator": "OR"
}
]
}
]