CVE-2019-6693
Basic Information
- CVE State: PUBLISHED
- Reserved Date: January 23, 2019
- Published Date: November 21, 2019
- Last Updated: June 25, 2025
- Vendor: Fortinet
- Product: FortiGate
- Description: Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
- Tags
- Score: 68.28% (Percentile: 98.51%) as of 2025-07-17
- Exploitation: active
- Technical Impact: partial
- Exploited in the Wild: Yes (2025-06-24 04:40:23 UTC) Source
cisa
ios
edge
CVSS Scores
CVSS v3.1
6.5 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
4.0
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2025-06-24 04:40:16 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
gquere/CVE-2019-6693
Type: github • Created: 2021-12-21 15:28:00 UTC • Stars: 5
Decrypt FortiGate configuration secrets
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel