CVE-2019-15703

HIGH

Fortinet FortiOS <6.2.1 - Info Disclosure

Title source: llm

Description

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-19-186

Scores

CVSS v3 7.5

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-331

Status published

Products (1)

fortinet/fortios < 5.6.9

Published Oct 24, 2019

Tracked Since Feb 18, 2026