CVE-2019-6693

MEDIUM KEV RANSOMWARE

Fortinet FortiOS < 5.6.10 - Hard-coded Credentials

Title source: rule

Description

Use of a hard-coded cryptographic key to encrypt sensitive data in a FortiOS configuration backup file may allow an attacker with access to the backup file to decrypt the sensitive data, via knowledge of the hard-coded key. The sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and the High Availability password (when set).

Exploits (4)

nomisec WORKING POC 25 stars
by saladandonionrings · local
https://github.com/saladandonionrings/cve-2019-6693

nomisec WORKING POC 11 stars
by synacktiv · poc
https://github.com/synacktiv/CVE-2020-9289

nomisec WORKING POC 7 stars
by gquere · infoleak
https://github.com/gquere/CVE-2019-6693

nomisec WORKING POC
by Real4XoR · local
https://github.com/Real4XoR/CVE-2019-6693

Scores

CVSS v3 6.5
EPSS 0.7222
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2025-06-25
VulnCheck KEV 2023-08-23
ENISA EUVD EUVD-2019-16251
Ransomware Use Confirmed
CWE CWE-798
Status published
Products (2)
fortinet/fortios 6.2.0
fortinet/fortios < 5.6.10
Published Nov 21, 2019
KEV Added Jun 25, 2025
Tracked Since Feb 18, 2026