CVE-2019-6695

CRITICAL

FortiManager < 6.0.6 - Insufficient Verification of Data Authenticity

Title source: llm

Description

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.

References (1)

Core 1

Core References

Mitigation, Vendor Advisory x_refsource_confirm

https://fortiguard.com/advisory/FG-IR-19-017

Scores

CVSS v3 9.8

EPSS 0.0026

EPSS Percentile 49.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-345

Status published

Products (2)

fortinet/fortimanager 6.2.0

fortinet/fortimanager < 6.0.6

Published Aug 23, 2019

Tracked Since Feb 18, 2026