Lucene search

K
cve[email protected]CVE-2019-5593
HistoryJan 23, 2020 - 5:15 p.m.

CVE-2019-5593

2020-01-2317:15:12
CWE-755
web.nvd.nist.gov
24
cve-2019-5593
fortinet
fortios
cli
permission checking
plaintext keys
encryption password
nvd
security advisory

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.5%

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system’s builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.

Affected configurations

NVD
Node
fortinetfortiosRange5.6.10
OR
fortinetfortiosRange6.0.06.0.6
OR
fortinetfortiosMatch6.2.0

CNA Affected

[
  {
    "product": "Fortinet FortiOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.5%