CVE-2019-17659

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-19-296	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*

History

15 Jul 2025, 16:48

Type	Values Removed	Values Added
First Time		Fortinet fortisiem Fortinet
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-19-296 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-19-296 - Vendor Advisory
CPE		cpe:2.3:a:fortinet:fortisiem::::::::
Summary		(es) Una vulnerabilidad en el uso de una clave criptográfica codificada en FortiSIEM versión 5.2.6 puede permitir que un atacante remoto no autenticado obtenga acceso SSH al supervisor como el usuario restringido "tunneluser" aprovechando el conocimiento de la clave privada de otra instalación o una imagen de firmware.

17 Mar 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-17 14:15

Updated : 2025-07-15 16:48

NVD link : CVE-2019-17659

Mitre link : CVE-2019-17659

CVE.ORG link : CVE-2019-17659

JSON object : View

Products Affected

fortinet

fortisiem

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2019-17659", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2025-03-17T14:15:16.360", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-19-296", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user \"tunneluser\" by leveraging knowledge of the private key from another installation or a firmware image."}, {"lang": "es", "value": "Una vulnerabilidad en el uso de una clave criptogr\u00e1fica codificada en FortiSIEM versi\u00f3n 5.2.6 puede permitir que un atacante remoto no autenticado obtenga acceso SSH al supervisor como el usuario restringido \"tunneluser\" aprovechando el conocimiento de la clave privada de otra instalaci\u00f3n o una imagen de firmware."}], "lastModified": "2025-07-15T16:48:48.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C961C610-69DC-495B-BEA0-203F0A2AD0C1", "versionEndExcluding": "5.2.7"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}