SB2020012326 - Incorrect default permissions in Fortinet, FortiOS




Published: January 23, 2020
Updated: August 8, 2020

Security Bulletin ID: SB2020012326
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Incorrect default permissions (CVE-ID: CVE-2019-5593)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain the plaintext private keys of Fortinet FortiOS local certificates: for the system's built-in local certificates, by unsetting the key encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below; or for user-uploaded local certificates, by setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.


Remediation

Install the update from the vendor's website.