CVE-2020-9289

EUVD-2020-30115
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
fortinetfortianalyzer
𝑥
≤ 6.2.3
fortinetfortimanager
𝑥
≤ 6.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-19-007
https://fortiguard.com/psirt/FG-IR-19-007