Details of VAR-202001-0226

ID

VAR-202001-0226

CVE

CVE-2019-5593

TITLE

Fortinet FortiOS Inadequate default permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014336

DESCRIPTION

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. Fortinet FortiOS Contains an improper default permissions vulnerability.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS 5.6.10 and earlier, versions 6.0.0 to 6.0.6, and 6.2.0. Attackers can exploit this vulnerability to cause information disclosure

Trust: 1.71

sources: NVD: CVE-2019-5593 // JVNDB: JVNDB-2019-014336 // VULHUB: VHN-157028

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	lte	version:	5.6.10	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.0.6	Trust: 1.0
vendor:	フォーティネット	model:	fortios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-014336 // NVD: CVE-2019-5593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5593
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-5593
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201911-1041
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-157028
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-5593
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-157028
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-5593
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5593
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-157028 // JVNDB: JVNDB-2019-014336 // CNNVD: CNNVD-201911-1041 // NVD: CVE-2019-5593

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.0
problemtype:	Incorrect authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-276	Trust: 0.1

sources: VULHUB: VHN-157028 // JVNDB: JVNDB-2019-014336 // NVD: CVE-2019-5593

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1041

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-1041

PATCH

title:	FG-IR-19-134	url:	https://fortiguard.com/psirt/FG-IR-19-134	Trust: 0.8
title:	Fortinet FortiOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111036	Trust: 0.6

sources: JVNDB: JVNDB-2019-014336 // CNNVD: CNNVD-201911-1041

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5593	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-014336	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-1041	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4342	Trust: 0.6
db:	VULHUB	id:	VHN-157028	Trust: 0.1

sources: VULHUB: VHN-157028 // JVNDB: JVNDB-2019-014336 // CNNVD: CNNVD-201911-1041 // NVD: CVE-2019-5593

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-19-134	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5593	Trust: 1.4
url:	https://vigilance.fr/vulnerability/fortios-information-disclosure-via-private-keys-30889	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4342/	Trust: 0.6

sources: VULHUB: VHN-157028 // JVNDB: JVNDB-2019-014336 // CNNVD: CNNVD-201911-1041 // NVD: CVE-2019-5593

SOURCES

db:	VULHUB	id:	VHN-157028
db:	JVNDB	id:	JVNDB-2019-014336
db:	CNNVD	id:	CNNVD-201911-1041
db:	NVD	id:	CVE-2019-5593

LAST UPDATE DATE

2024-08-14T14:26:00.952000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157028	date:	2020-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-014336	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201911-1041	date:	2021-07-26T00:00:00
db:	NVD	id:	CVE-2019-5593	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157028	date:	2020-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-014336	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201911-1041	date:	2019-11-15T00:00:00
db:	NVD	id:	CVE-2019-5593	date:	2020-01-23T17:15:12.173