{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T02:28:42.803","vulnerabilities":[{"cve":{"id":"CVE-2020-9289","sourceIdentifier":"psirt@fortinet.com","published":"2020-06-16T21:15:11.470","lastModified":"2024-11-21T05:40:21.903","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."},{"lang":"es","value":"Un uso de una clave criptográfica embebida para cifrar datos de contraseña en la configuración de la CLI en FortiManager versiones 6.2.3 y posteriores, FortiAnalyzer versiones 6.2.3 y posteriores puede permitir a un atacante con acceso a la configuración de la CLI o al archivo de copia de seguridad de la CLI descifrar los datos confidenciales, por medio del conocimiento de la clave embebida"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionEndIncluding":"6.2.3","matchCriteriaId":"A7C8292F-C105-450E-B406-DAF6193081FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionEndIncluding":"6.2.3","matchCriteriaId":"6F684A12-89F4-4D63-95C2-6C46A469E10F"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-19-007","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-19-007","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}