vulnerability

Fortinet FortiAnalyzer: Use of Hard-coded Credentials (CVE-2020-9289)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Jun 16, 2020	Oct 11, 2022	Apr 7, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Jun 16, 2020

Added

Oct 11, 2022

Modified

Apr 7, 2026

Description

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

Solution

fortinet-fortianalyzer-upgrade-latest

References

CVE-2020-9289
https://attackerkb.com/topics/CVE-2020-9289
CWE-798
EUVD-EUVD-2020-30115
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-30115
https://fortiguard.com/psirt/FG-IR-19-007

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report