Input validation error in FortiManager - CVE-2019-6695
Published: August 23, 2019 / Updated: August 8, 2020
Vulnerability identifier: #VU35593
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-6695
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiManager
FortiManager
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.
How to mitigate CVE-2019-6695
Install update from vendor's website.