CVE-2020-9289

CVE Database · CVE-2020-9289

CVE-2020-9289

· HIGHModified

CVSS v3.1

7.5

EPSS

2.24%

Published

Jun 16, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-798

Affected Products (2)

fortinet · fortianalyzervulnerable

fortinet · fortimanagervulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-19-007

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-19-007

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs