Fortinet FortiManager: Use of Hard-coded Credentials (CVE-2020-9289)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: Jun 16, 2020
Added: Jul 26, 2021
Modified: Jul 26, 2021

Description

Use of a hard-coded cryptographic key to encrypt password data in the CLI configuration of FortiManager 6.2.3 and below and FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data via knowledge of the hard-coded key.

Solutions

fortinet-fortimanager-upgrade-6_2_3
fortinet-fortimanager-upgrade-6_2_5