PT-2019-5737 · Fortinet · FortiAnalyzer, FortiManager

Published: 2019-11-19 · Updated: 2023-07-02 · CVE-2020-9289

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiManager versions 6.2.3 and below
FortiAnalyzer versions 6.2.3 and below

Description

The issue stems from a hard-coded cryptographic key used in the CLI configuration of FortiManager and FortiAnalyzer. An attacker with access to the CLI configuration or to a backup file may use this key to decrypt sensitive data stored there, which could lead to unauthorized access to protected information.

Recommendations

For FortiManager versions 6.2.3 and below, update to a version above 6.2.3 to mitigate the risk. For FortiAnalyzer versions 6.2.3 and below, update to a version above 6.2.3 to mitigate the risk. As a temporary workaround, restrict access to the CLI configuration and to backup files to minimize the risk of exploitation.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2021-01184
CVE-2020-9289

Affected Products

FortiAnalyzer
FortiManager