CVE-2019-16153

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 38.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisiem Fortinet Fortinet Fortisiem

Timeline

PublishedJan 23

Latest updateMay 24

Description

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortisiem5.0.0 — 5.2.5

▶CVEListV5fortinet/fortinet_fortisiemFortiSIEM 5.2.5 and below

🔴Vulnerability Details

GHSA

GHSA-m9wr-4mrf-cqjr: A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5↗2022-05-24

▶

CVEList

CVE-2019-16153: A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5↗2020-01-23

▶

📋Vendor Advisories

Fortinet

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attac...↗2020-01-23

▶