CVE-2020-9289

HIGH

FortiAnalyzer and FortiManager < 6.2.3 - Use of Hard-coded Cryptographic Key

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9289. PoCs published by synacktiv.

AI-analyzed exploit summary: This PoC decrypts FortiManager/FortiAnalyzer configuration secrets by exploiting a hardcoded AES key (CVE-2020-9289 and CVE-2019-6693). It handles IV extraction and padding adjustments specific to these devices.

Description

Use of a hard-coded cryptographic key to encrypt password data in the CLI configuration of FortiManager 6.2.3 and below and FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

Exploits (1)

nomisec WORKING POC 11 stars
by synacktiv · poc
https://github.com/synacktiv/CVE-2020-9289

Classification
Working PoC 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: FortiManager/FortiAnalyzer (versions affected by CVE-2020-9289/CVE-2019-6693)
No auth needed
Prerequisites: Base64-encoded encrypted secret from FortiManager/FortiAnalyzer configuration
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Vendor Advisory x_refsource_misc
https://fortiguard.com/psirt/FG-IR-19-007

Scores

CVSS v3 7.5
EPSS 0.0224
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-798
Status published
Products (2)
fortinet/fortianalyzer < 6.2.3
fortinet/fortimanager < 6.2.3
Published Jun 16, 2020
Tracked Since Feb 18, 2026