Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.
PoC: CVE-2020-9289
Decrypt reversible secrets encrypted using the default hardcoded key related to CVE-2020-9289 on FortiAnalyzer/FortiManager (the only difference with CVE-2019-6693 is the encryption routine).
PoC: CVE-2019-6693
Decrypt FortiGate configuration secrets
PoC: cve-2019-6693
An authorized remote user with access or knowledge of the standard encryption key can gain access and decrypt the FortiOS backup files and all non-administator passwords, private keys and High Availability passwords.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free