vulnerability

Fortinet FortiAnalyzer: Use of Hard-coded Credentials (CVE-2020-9289)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Jun 16, 2020	Oct 11, 2022	Oct 11, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Jun 16, 2020

Added

Oct 11, 2022

Modified

Oct 11, 2022

Description

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

Solution

fortinet-fortianalyzer-upgrade-latest

References

CVE-2020-9289
https://attackerkb.com/topics/CVE-2020-9289
URL-https://fortiguard.com/psirt/FG-IR-19-007

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today