CVE-2019-6693
Published 2019-11-21
Priority P184 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability · due 2025-07-16
Exploited in the wild
EPSS: 5.35% (91.6th percentile)
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortigate | — | — |
| fortinet | fortigate | — | — |
| fortinet | fortigate | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortios | <= 5.6.10 | — |
| fortinet | fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | 6.0.0 – 6.0.6 | — |
Detection & IOCs (extracted from sources)
- CVE-2019-6693 is actively exploited by Akira ransomware affiliates for initial access into FortiOS environments
- The hard-coded key vulnerability affects FortiOS configuration backup files; sensitive data decipherable includes users' passwords (except administrator's), private key passphrases, and HA passwords
- The same hard-coded key issue also affects FortiManager 6.2.3 and below and FortiAnalyzer 6.2.3 and below for CLI configuration/backup files (tracked as CVE-2020-9289)
CVSS provenance
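| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vulncheck | — | 6.5 | MEDIUM | — |
| cisa | — | 6.5 | MEDIUM | — |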
CISA
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
cisa·2025-06-25·CVSS 6.5
CVE-2019-6693 [MEDIUM] CWE-798
Affected: Fortinet FortiOS
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://fortiguard.com/advisory/FG-IR-19-007 ; https://nvd.nist.gov/vuln/detail/CVE-2019-6693
Remediation Due Date: 2025-07-16
Fortinet
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacke...
vendor_fortinet·2019-11-21·CVSS 7.5
CVE-2019-6693 [MEDIUM] CWE-798 · FG-IR-19-007
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowle
GHSA
GHSA-hx92-84x6-67mx: Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup fi
ghsa_unreviewed·2022-05-24
CVE-2019-6693 [MEDIUM] CWE-798 · GHSA-hx92-84x6-67mx
VulnCheck
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
vulncheck·2019·CVSS 6.5
CVE-2019-6693 [MEDIUM] CWE-798
Known Ransomware Campaign Use: Known
Exploitation References: https://stairwell.com/resources/akira-pulling-on-the-chains-of-ransomware/; https://blog.bushidotoken.net/2023/09/tracking-adversaries-akira-another.html; https://blog.qualys.com/vulnerabilities-threat-research/2024/10/02/threat-brief-understanding-akira-ransomw
No detection rules found.
No public exploits indexed.
Mandiant
Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape
blogs_mandiant·2026-03-16
## Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape
Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark
## Introduction
Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ransomware has become one of the most pervasive threats to organizations across almost every industry vertical and region. In recent years ransomware operations have evolved, creating a robust ecosystem that has lowered the barrier to entry via the commoditization and specialization of the supporting underground communities, w
Greynoiseio
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates
blogs_greynoiseio·2026-02-02
Qualys
Akira Ransomware Analysis Origins Tactics and Detection Strategies
blogs_qualys·2024-10-02·CVSS 6.5
## Table of Contents
- What is Akira Ransomware? An Overview
- Tactics, Techniques, and Procedures (TTPs) Used by Akira
- Analyzing Akira Ransomware Samples
- How to Detect Akira: Threat Hunting Approaches
- Wrapping Up: Key Takeaways on Akira Ransomware
- Akira Ransomware in the MITRE ATT&CK Framework
- Indicators of Compromise (IoCs) for Akira
## What is Akira Ransomware? An Overview
Akira is a prolific ransomware that has been operating since March 2023 and has targeted multiple industries, primarily in North America, the UK, and Australia. It functions as a Ransomware as a Service (RaaS) and exfiltrates data prior to encryption, achieving double extortion. According to the group’s leak site, they have infected over 196 organizations.
When looking at the history of Akira, one must go back t
- 2019-11-21: Published
- 2025-06-25: Added to CISA KEV
- Exploited in the wild