cbcvebase.
CVE-2019-6693
published 2019-11-21

CVE-2019-6693: Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to…

PriorityP184medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
KEVITWEXPLOITRansomware
CISA Known Exploited Vulnerabilitydue 2025-07-16
Exploited in the wild
EPSS
5.35%
91.6th percentile
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

Affected

9 ranges
VendorProductVersion rangeFixed in
fortinetfortianalyzer
fortinetfortigate
fortinetfortigate
fortinetfortigate
fortinetfortimanager
fortinetfortios<= 5.6.10
fortinetfortios
fortinetfortios
fortinetfortios6.0.0 – 6.0.6

Detection & IOCsextracted from sources · hover to see the quote

hashe57340a208ac9d95a1f015a5d6d98b94
hashe8139b0bc60a930586cf3af6fa5ea573
hasha1f4931992bf05e9bff4b173c15cab15
hash08bd63480cd313d2e219448ac28f72cd
hash4aecef9ddc8d07b82a6902b27f051f34
hashab9e577334aeb060ac402598098e13b9
filenameLog-date-month-year-hour-minute-second.txt
processnetscan.exe
  • CVE-2019-6693 is actively exploited by Akira ransomware affiliates for initial access into FortiOS environments
  • ·The hard-coded key vulnerability affects FortiOS configuration backup files; sensitive data decipherable includes users' passwords (except administrator's), private key passphrases, and HA passwords
  • ·The same hard-coded key issue also affects FortiManager 6.2.3 and below and FortiAnalyzer 6.2.3 and below for CLI configuration/backup files (tracked as CVE-2020-9289)

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vulncheck6.5MEDIUM
cisa6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.