CVE-2019-6693

CVE Database · CVE-2019-6693

CVE-2019-6693

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

5.35%

Published

Nov 21, 2019

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2025-06-25 · Due: 2025-07-16

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (5)

All weaponized →

TrickestTrickest PoC index GitHub PoCsaladandonionrings/cve-2019-6693★26 GitHub PoCsynacktiv/CVE-2020-9289★11 GitHub PoCgquere/CVE-2019-6693★7 GitHub PoCReal4XoR/CVE-2019-6693★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-798CWE-798

Affected Products (3)

fortinet · fortiosvulnerable

References (3)

https://fortiguard.com/advisory/FG-IR-19-007

MitigationVendor Advisory

https://fortiguard.com/advisory/FG-IR-19-007

MitigationVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-6693

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs