Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-19-007 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2020-06-16T20:12:40
Updated: 2024-08-04T10:26:16.066Z
Reserved: 2020-02-19T00:00:00
Link: CVE-2020-9289
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-06-16T21:15:11.470
Modified: 2022-10-06T23:59:27.180
Link: CVE-2020-9289
Redhat
No data.