CVE-2019-6693 | THREATINT

Description

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

PUBLISHED Reserved 2019-01-23 | Published 2019-11-21 | Updated 2025-10-21 | Assigner fortinet

CISA Known Exploited Vulnerability

Date added 2025-06-25 | Due date 2025-07-16

Known Ransomware Campaign(s)

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

Information disclosure

Product status

5.6.9 and below

affected

6.0.5 and below

affected

6.2.0

affected

References

fortiguard.com/advisory/FG-IR-19-007

www.cisa.gov/...nerabilities-catalog?field_cve=CVE-2019-6693 government-resource

fortiguard.com/advisory/FG-IR-19-007

cve.org (CVE-2019-6693)

nvd.nist.gov (CVE-2019-6693)

Download JSON