{"containers": {"cna": {"affected": [{"product": "Fortinet FortiOS", "vendor": "n/a", "versions": [{"status": "affected", "version": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below"}]}], "descriptions": [{"lang": "en", "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below."}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-23T16:50:43.000Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://fortiguard.com/psirt/FG-IR-19-134"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-5593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiOS", "version": {"version_data": [{"version_value": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-19-134", "refsource": "MISC", "url": "https://fortiguard.com/psirt/FG-IR-19-134"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.677Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-19-134"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T13:59:38.518298Z", "id": "CVE-2019-5593", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:04:22.039Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-5593", "datePublished": "2020-01-23T16:50:43.000Z", "dateReserved": "2019-01-07T00:00:00.000Z", "dateUpdated": "2024-10-25T14:04:22.039Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-134", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.677Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-5593", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T13:59:38.518298Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:00:51.202Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Fortinet FortiOS", "versions": [{"status": "affected", "version": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below"}]}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-134", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2020-01-23T16:50:43.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below"}]}, "product_name": "Fortinet FortiOS"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-19-134", "name": "https://fortiguard.com/psirt/FG-IR-19-134", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-5593", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-5593", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:04:22.039Z", "dateReserved": "2019-01-07T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2020-01-23T16:50:43.000Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBDD29F8-B339-4C3B-AF3F-77BB3D323D1D", "versionEndIncluding": "5.6.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FA4CED9-EAB9-4FE4-B058-CC4D3E03C520", "versionEndIncluding": "6.0.6", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "72C437B7-75F8-4DDC-9670-19E2C21ACB27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below."}, {"lang": "es", "value": "Una comprobaci\u00f3n inapropiada de permisos o valores en la consola de la CLI puede permitir a un usuario no privilegiado obtener claves privadas en texto plano de Fortinet FortiOS de los certificados locales incorporados del sistema mediante la desconfiguraci\u00f3n de la contrase\u00f1a de cifrado de claves en FortiOS versi\u00f3n 6.2.0, versiones 6.0.0 hasta 6.0.6, y versiones 5.6.10 y por debajo, o por un usuario que carg\u00f3 certificados locales mediante la configuraci\u00f3n de una contrase\u00f1a vac\u00eda en FortiOS versiones 6.2.1, 6.2.0, y versiones 6.0.6 y por debajo."}], "id": "CVE-2019-5593", "lastModified": "2024-11-21T04:45:11.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-23T17:15:12.173", "references": [{"source": "psirt@fortinet.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-134"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}