{"containers": {"cna": {"affected": [{"product": "Fortinet FortiManager", "vendor": "n/a", "versions": [{"status": "affected", "version": "FortiManager 6.2.3 and below"}]}], "descriptions": [{"lang": "en", "value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-24T22:33:52", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://fortiguard.com/psirt/FG-IR-19-007"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2020-9289", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiManager", "version": {"version_data": [{"version_value": "FortiManager 6.2.3 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-19-007", "refsource": "MISC", "url": "https://fortiguard.com/psirt/FG-IR-19-007"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:16.066Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-19-007"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T20:09:48.822151Z", "id": "CVE-2020-9289", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:25:10.790Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2020-9289", "datePublished": "2020-06-16T20:12:40", "dateReserved": "2020-02-19T00:00:00", "dateUpdated": "2024-10-25T14:25:10.790Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-007", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:16.066Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-9289", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-24T20:09:48.822151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:17:07.960Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Fortinet FortiManager", "versions": [{"status": "affected", "version": "FortiManager 6.2.3 and below"}]}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-007", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2020-07-24T22:33:52"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiManager 6.2.3 and below"}]}, "product_name": "Fortinet FortiManager"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-19-007", "name": "https://fortiguard.com/psirt/FG-IR-19-007", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-9289", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2020-9289", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:25:10.790Z", "dateReserved": "2020-02-19T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2020-06-16T20:12:40", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7C8292F-C105-450E-B406-DAF6193081FF", "versionEndIncluding": "6.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F684A12-89F4-4D63-95C2-6C46A469E10F", "versionEndIncluding": "6.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."}, {"lang": "es", "value": "Un uso de una clave criptogr\u00e1fica embebida para cifrar datos de contrase\u00f1a en la configuraci\u00f3n de la CLI en FortiManager versiones 6.2.3 y posteriores, FortiAnalyzer versiones 6.2.3 y posteriores puede permitir a un atacante con acceso a la configuraci\u00f3n de la CLI o al archivo de copia de seguridad de la CLI descifrar los datos confidenciales, por medio del conocimiento de la clave embebida"}], "id": "CVE-2020-9289", "lastModified": "2024-11-21T05:40:21.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-16T21:15:11.470", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-007"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}