CVE-2019-6698

CVE Database · CVE-2019-6698

CVE-2019-6698

· CRITICALModified

CVSS v3.1

9.8

EPSS

1.52%

Published

Aug 23, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-798

Affected Products (4)

fortinet · fortirecorder_firmware (up to 2.7.4)vulnerable

fortinet · fortirecorder_100d

fortinet · fortirecorder_200d

fortinet · fortirecorder_400d

References (2)

https://fortiguard.com/advisory/FG-IR-19-185

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-19-185

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs