Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-19-134 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2020-01-23T16:50:43
Updated: 2024-08-04T20:01:51.677Z
Reserved: 2019-01-07T00:00:00
Link: CVE-2019-5593
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-01-23T17:15:12.173
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-5593
Redhat
No data.