CVE-2019-6693

medium

Description

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

References

Exploits
More

https://cloud.google.com/blog/topics/threat-intelligence/ransomware-ttps-shifting-threat-landscape/

https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates

https://www.securityweek.com/cisa-warns-ami-bmc-vulnerability-exploited-in-the-wild/

https://thehackernews.com/2025/06/cisa-adds-3-flaws-to-kev-catalog.html

https://securityaffairs.com/179354/security/u-s-cisa-adds-ami-megarac-spx-d-link-dir-859-routers-and-fortinet-fortios-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6693

https://fortiguard.com/advisory/FG-IR-19-007

Details

Source: Mitre, NVD

Published: 2019-11-21

Updated: 2025-10-24

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.72223