CVE-2019-5593
Last modified
CVE-2019-5593 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortios | <= 5.6.10 |
| Fortinet | Fortios | >= 6.0.0, <= 6.0.6 |
| Fortinet | Fortios | 6.2.0 |
References
- https://fortiguard.com/psirt/FG-IR-19-134Mitigation, Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-19-134Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-5593?
How severe is CVE-2019-5593?
How do I fix CVE-2019-5593?
Are you affected by CVE-2019-5593?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST