CVE-2019-6695 — Insufficient Verification of Data Authenticity in Fortinet Fortimanager

CWE-345 — Insufficient Verification of Data Authenticity4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 50.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortimanager Fortinet Fortimanager

Timeline

PublishedAug 23

Latest updateMay 24

Description

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortimanager6.0.6+1

▶CVEListV5fortinet/fortinet_fortimanagerFortiManager all versions below 6.2.1

🔴Vulnerability Details

GHSA

GHSA-fqfh-95gw-rh8x: Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6↗2022-05-24

▶

CVEList

CVE-2019-6695: Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6↗2019-08-23

▶

📋Vendor Advisories

Fortinet

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow...↗2019-06-04

▶