Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-5593
HistoryJan 23, 2020 - 5:15 p.m.

CVE-2019-5593

2020-01-2317:15:12
CWE-755
[email protected]
web.nvd.nist.gov
24
cve-2019-5593
fortinet
fortios
cli
permission checking
plaintext keys
encryption password
nvd
security advisory

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system’s builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.

Affected configurations

NVD
Node
fortinetfortiosRange5.6.10
OR
fortinetfortiosRange6.0.06.0.6
OR
fortinetfortiosMatch6.2.0

CNA Affected

[
  {
    "product": "Fortinet FortiOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below"
      }
    ]
  }
]

Related

fortinet 1
nessus 1
cvelist 1
symantec 1
prion 1
nvd 1
fortinet
fortinet
Protect
2019-11-14 00:00:00
nessus
nessus
Fortinet FortiOS < 5.6.11 / 6.0.0 < 6.0.7 / 6.2.0 < 6.2.2 Information Disclosure (FG-IR-19-134)
2019-11-21 00:00:00
cvelist
cvelist
CVE-2019-5593
2020-01-23 16:50:43
symantec
symantec
Fortinet FortiOS CVE-2019-5593 Information Disclosure Vulnerability
2019-11-14 00:00:00
prion
prion
Input validation
2020-01-23 17:15:00
nvd
nvd
CVE-2019-5593
2020-01-23 17:15:12

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CVE-2019-5593
fortinet1nessus1cvelist1symantec1prion1nvd1