Back to search
CVE-2020-9289
Published: Jun 16, 2020
Modified: Oct 25, 2024
PUBLISHED
Description
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
| Vendor | Product | Versions |
|---|---|---|
n/a | Fortinet FortiManager | affected FortiManager 6.2.3 and below |
References
https://fortiguard.com/psirt/FG-IR-19-007
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now