Main Vulnerability Database Vulnerabilities #VU22855

#VU22855 Use of Hard-coded Cryptographic Key in FortiOS - CVE-2019-6693

Published: November 19, 2019 / Updated: June 25, 2025

Vulnerability identifier: #VU22855

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear

CVE-ID: CVE-2019-6693

CWE-ID: CWE-321

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
FortiOS

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to presence of a hard-coded cryptographic key. An attacker with access to the backup file can use the hardcoded cryptographic key to decrypt data in the backup file and gain access to sensitive information, such as users passwords and private keys.

Remediation

Install updates from vendor's website.

External links

https://fortiguard.com/psirt/FG-IR-19-007

#VU22855 Use of Hard-coded Cryptographic Key in FortiOS - CVE-2019-6693

Description

Remediation

External links

Please verify you're human