fortinet fortios CVE-2019-6693 is a vulnerability in Fortinet FortiOS
Published on November 21, 2019

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key. .

The following remediation steps are recommended / required by July 16, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2019-6693 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.


Products Associated with CVE-2019-6693

You can be notified by stack.watch whenever vulnerabilities like CVE-2019-6693 are published in these products:

 

What versions of FortiOS are vulnerable to CVE-2019-6693?