vulnerability

Fortinet FortiOS: Use of Hard-coded Credentials (CVE-2019-6693)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Nov 21, 2019	Nov 28, 2019	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Nov 21, 2019

Added

Nov 28, 2019

Modified

Mar 30, 2026

Description

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

Solution

fortios-upgrade-latest

References

CVE-2019-6693
https://attackerkb.com/topics/CVE-2019-6693
CWE-798
EUVD-EUVD-2019-16251
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-16251
https://fortiguard.com/advisory/FG-IR-19-007

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report