ID

VAR-202001-0226


CVE

CVE-2019-5593


TITLE

Fortinet FortiOS inadequate default permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014336

DESCRIPTION

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of the system's built-in local certificates by unsetting the keys' encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below, or of user-uploaded local certificates by setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. Fortinet FortiOS contains an improper default permissions vulnerability. Information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS 5.6.10 and earlier, versions 6.0.0 to 6.0.6, and 6.2.0. Attackers can exploit this vulnerability to cause information disclosure.

Trust: 1.71

sources: NVD: CVE-2019-5593 // JVNDB: JVNDB-2019-014336 // VULHUB: VHN-157028

AFFECTED PRODUCTS

vendor: fortinet model: fortios scope: lte version: 5.6.10

Trust: 1.0

vendor: fortinet model: fortios scope: gte version: 6.0.0

Trust: 1.0

vendor: fortinet model: fortios scope: eq version: 6.2.0

Trust: 1.0

vendor: fortinet model: fortios scope: lte version: 6.0.6

Trust: 1.0

vendor: Fortinet model: fortios scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-014336 // NVD: CVE-2019-5593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5593
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5593
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-1041
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157028
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-5593
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-157028
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5593
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5593
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157028 // JVNDB: JVNDB-2019-014336 // CNNVD: CNNVD-201911-1041 // NVD: CVE-2019-5593

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.0

problemtype:Incorrect authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

problemtype:CWE-276

Trust: 0.1

sources: VULHUB: VHN-157028 // JVNDB: JVNDB-2019-014336 // NVD: CVE-2019-5593

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1041

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-1041

PATCH

title: FG-IR-19-134 url: https://fortiguard.com/psirt/FG-IR-19-134

Trust: 0.8

title: Fortinet FortiOS Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111036

Trust: 0.6

sources: JVNDB: JVNDB-2019-014336 // CNNVD: CNNVD-201911-1041

EXTERNAL IDS

db: NVD id: CVE-2019-5593

Trust: 2.5

db: JVNDB id: JVNDB-2019-014336

Trust: 0.8

db: CNNVD id: CNNVD-201911-1041

Trust: 0.7

db: AUSCERT id: ESB-2019.4342

Trust: 0.6

db: VULHUB id: VHN-157028

Trust: 0.1

sources: VULHUB: VHN-157028 // JVNDB: JVNDB-2019-014336 // CNNVD: CNNVD-201911-1041 // NVD: CVE-2019-5593

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-19-134

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-5593

Trust: 1.4

url:https://vigilance.fr/vulnerability/fortios-information-disclosure-via-private-keys-30889

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4342/

Trust: 0.6

sources: VULHUB: VHN-157028 // JVNDB: JVNDB-2019-014336 // CNNVD: CNNVD-201911-1041 // NVD: CVE-2019-5593

SOURCES

db: VULHUB id: VHN-157028
db: JVNDB id: JVNDB-2019-014336
db: CNNVD id: CNNVD-201911-1041
db: NVD id: CVE-2019-5593

LAST UPDATE DATE

2024-08-14T14:26:00.952000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-157028 date: 2020-01-29T00:00:00
db: JVNDB id: JVNDB-2019-014336 date: 2020-02-10T00:00:00
db: CNNVD id: CNNVD-201911-1041 date: 2021-07-26T00:00:00
db: NVD id: CVE-2019-5593 date: 2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db: VULHUB id: VHN-157028 date: 2020-01-23T00:00:00
db: JVNDB id: JVNDB-2019-014336 date: 2020-02-10T00:00:00
db: CNNVD id: CNNVD-201911-1041 date: 2019-11-15T00:00:00
db: NVD id: CVE-2019-5593 date: 2020-01-23T17:15:12.173