Main Vulnerability Database Vulnerabilities #VU22855

Use of Hard-coded Cryptographic Key in FortiOS - CVE-2019-6693

Published: November 19, 2019 / Updated: June 25, 2025

Vulnerability identifier: #VU22855

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear

CVE-ID: CVE-2019-6693

CWE-ID: CWE-321

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Fortinet, Inc

Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to presence of a hard-coded cryptographic key. An attacker with access to the backup file can use the hardcoded cryptographic key to decrypt data in the backup file and gain access to sensitive information, such as users passwords and private keys.

How to mitigate CVE-2019-6693

Install updates from vendor's website.

Sources

https://fortiguard.com/psirt/FG-IR-19-007

Use of Hard-coded Cryptographic Key in FortiOS - CVE-2019-6693

Detailed vulnerability description

How to mitigate CVE-2019-6693

Sources

Please verify you're human