Fortigate: Exporting a local certificate with private key

Fortigate: Exporting a local certificate with private key Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-134 Final 1 1 2019-11-14T00:00:00 Current version 2019-11-14T00:00:00 2019-11-14T00:00:00 Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaint text private keys of system's builtin local certificates via unsetting the keys encryption password or for user uploaded local certificates via setting an empty password. Note that backed up config files can be restored onto a version of FortiOS or FortiProxy vulnerable to this, in order to obtain the plaintext versions of local certificates private keys encrypted in those config files. Information disclosure For system builtin local certificates via unsetting password:FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and belowFor user uploaded local certificates via setting an empty password:FortiOS 6.2.1, 6.2.0, 6.0.6 and below.FortiProxy version 2.0.0 through 2.0.4FortiProxy 1.2 all versionsFortiProxy 1.1 all versionsFortiProxy 1.0 all versions For system builtin local certificates via password unset: Upgrade to FortiOS 5.6.11, 6.0.7 or 6.2.1 and above For user uploaded local certificates via setting empty password: Upgrade to FortiOS 6.0.7 or 6.2.2 and above.Please upgrade to FortiProxy version 7.0.0 or above,Please upgrade to FortiProxy version 2.0.5 or above.[Workarounds] Always encrypt your FortiGate and FortiProxy configuration during backup and ensure to store or transfer your FortiGate or FortiProxy configuration through secure channels. Avoid disclosing your FortiGate or FortiProxy config snippet containing the following parts: config vpn certificate local edit [cert-name] set password ENC xxx set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- ..." next end https://fortiguard.fortinet.com/psirt/FG-IR-19-134 Fortigate: Exporting a local certificate with private key https://stuff.purdon.ca/?page_id=233 https://stuff.purdon.ca/?page_id=233 Fortigate: Exporting a local certificate with private key CVE-2019-5593 4.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-134 Fortigate: Exporting a local certificate with private key Reference> https://stuff.purdon.ca/?page_id=233 https://stuff.purdon.ca/?page_id=233