CVE-2019-5593: Improper Handling of Exceptional Conditions in Fortinet FortiOS

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 89.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 23
Latest update: May 24

Description

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of the system's built-in local certificates by unsetting the keys' encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below, or for user-uploaded local certificates by setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 2 packages

NVD | fortinet/fortios | 6.0.0 | 6.0.6 | +2
CVEListV5 | fortinet/fortinet_fortios | FortiOS 6.2.0 to 6.2.1, 6.0.6 and below

🔴 Vulnerability Details (2)

GHSA
GHSA-3hjp-23xj-gxx4: Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of system (2022-05-24)
CVEList
CVE-2019-5593: Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of system (2020-01-23)

📋 Vendor Advisories (1)

Fortinet
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plai... (2020-01-23)
CVE-2019-5593 — Fortinet Fortios vulnerability | cvebase