CISA KEV 정보
| 취약점명 | Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability |
|---|---|
| 설명 | Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key. |
| 조치사항 | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Known |
| CWE | CWE-798 |
| 등록일 (KEV) | 2025-06-25 |
| 조치 기한 | 2025-07-16 |
| 추가 참고 | https://fortiguard.com/advisory/FG-IR-19-007 ; https://nvd.nist.gov/vuln/detail/CVE-2019-6693 |
NVD 상세 정보
CVSS v3.1: 6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NCVSS v2.0: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N설명: Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
CWE: CWE-798 | CWE-798
참조
- https://fortiguard.com/advisory/FG-IR-19-007 [Mitigation, Vendor Advisory]
- https://fortiguard.com/advisory/FG-IR-19-007 [Mitigation, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6693 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.