cve-2019-5593
Vulnerability from cvelistv5
Published
2020-01-23 16:50
Modified
2024-10-25 14:04
Severity ?
EPSS score ?
Summary
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-19-134 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-19-134 | Mitigation, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Fortinet FortiOS |
Version: FortiOS 6.2.0 to 6.2.1, 6.0.6 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:01:51.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-19-134" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-5593", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T13:59:38.518298Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T14:04:22.039Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Fortinet FortiOS", "vendor": "n/a", "versions": [ { "status": "affected", "version": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system\u0027s builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-23T16:50:43", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://fortiguard.com/psirt/FG-IR-19-134" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-5593", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortinet FortiOS", "version": { "version_data": [ { "version_value": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system\u0027s builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://fortiguard.com/psirt/FG-IR-19-134", "refsource": "MISC", "url": "https://fortiguard.com/psirt/FG-IR-19-134" } ] } } } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-5593", "datePublished": "2020-01-23T16:50:43", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-10-25T14:04:22.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-5593\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2020-01-23T17:15:12.173\",\"lastModified\":\"2024-11-21T04:45:11.783\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system\u0027s builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.\"},{\"lang\":\"es\",\"value\":\"Una comprobaci\u00f3n inapropiada de permisos o valores en la consola de la CLI puede permitir a un usuario no privilegiado obtener claves privadas en texto plano de Fortinet FortiOS de los certificados locales incorporados del sistema mediante la desconfiguraci\u00f3n de la contrase\u00f1a de cifrado de claves en FortiOS versi\u00f3n 6.2.0, versiones 6.0.0 hasta 6.0.6, y versiones 5.6.10 y por debajo, o por un usuario que carg\u00f3 certificados locales mediante la configuraci\u00f3n de una contrase\u00f1a vac\u00eda en FortiOS versiones 6.2.1, 6.2.0, y versiones 6.0.6 y por debajo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.6.10\",\"matchCriteriaId\":\"DBDD29F8-B339-4C3B-AF3F-77BB3D323D1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.6\",\"matchCriteriaId\":\"8FA4CED9-EAB9-4FE4-B058-CC4D3E03C520\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72C437B7-75F8-4DDC-9670-19E2C21ACB27\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-19-134\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-19-134\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.