PT-2025-11478 · Fortinet · Fortisiem
Published 2025-03-17 · Updated 2025-03-17 · CVE-2019-17659
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiSIEM version 5.2.6
Description
A use of hard-coded cryptographic key issue may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user tunneluser by leveraging knowledge of the private key from another installation or a firmware image.
Recommendations
For FortiSIEM version 5.2.6, consider disabling SSH access for the tunneluser until a fix is available, and restrict access to the supervisor to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Fortisiem