V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2019-6693
CVE
Medium KEVConfirmedExploit available

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to th…

CVSS
6.5
Medium
EPSS
0.05
p91
Published
2019-01-01
Updated
2025-06-25
Description

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

Tags · CWE
KEV
CWE-798
CAPEC-70
CAPEC-191
Affected products
FortiOS ≤ 5.6.10FortiOS 6.0.0–6.0.6FortiOS
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Timeline
2019-01-01
Published
2025-06-25
Added to KEV
2025-06-25
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.054 · p91
Known exploited (KEV)
Yes
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-70 · CWE-798
└ via CAPEC-191 · CWE-798
Known exploits — Сканер-ВС
CVE-2019-6693
cisa · https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Enterprise
Affected products
ProductVendorStatus
fortios*Exploited
Source databases
CVE
Related vulnerabilities