FortiOS/FortiProxy - local certificate private key improper protection in admin CLI console
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-134
Final
1
1
2019-11-14T00:00:00
Current version
2019-11-14T00:00:00
2019-11-14T00:00:00
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain the plaintext private keys of the system's built-in local certificates, by unsetting the keys' encryption password, or of user-uploaded local certificates, by setting an empty password. Note that backed-up config files can be restored onto a version of FortiOS or FortiProxy vulnerable to this issue in order to obtain the plaintext versions of the local certificate private keys that are encrypted in those config files.
Information Disclosure
For system built-in local certificates via unsetting the password: FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below
For user-uploaded local certificates via setting an empty password: FortiOS 6.2.1, 6.2.0, 6.0.6 and below
FortiProxy version 2.0.0 through 2.0.4
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions
For system built-in local certificates via password unset: upgrade to FortiOS 5.6.11, 6.0.7 or 6.2.1 and above
For user-uploaded local certificates via setting an empty password: upgrade to FortiOS 6.0.7 or 6.2.2 and above
Please upgrade to FortiProxy version 2.0.5 or above, or to FortiProxy version 7.0.0 or above.

[Workarounds]
Always encrypt your FortiGate and FortiProxy configuration during backup, and store or transfer your FortiGate or FortiProxy configuration only through secure channels.
Avoid disclosing any FortiGate or FortiProxy config snippet containing the following parts:

config vpn certificate local
    edit [cert-name]
        set password ENC xxx
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- ..."
    next
end
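The workaround above asks administrators not to share config snippets containing these two fields. As an added example (not part of the Fortinet advisory), the following Python script redacts exactly those fields from a FortiGate/FortiProxy configuration export before it is attached to a support case or pasted into a forum, and reports which local certificates had material removed; the config fragment and every value in it are constructed placeholders, not data from a real device.

```python
import re
# Constructed sample FortiGate config fragment (placeholder values, not from a real device).
SAMPLE_CONFIG = '''config vpn certificate local
    edit "Fortinet_Factory"
        set password ENC AAAAplaceholderEncryptedPassword==
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIplaceholderKeyLine1
-----END ENCRYPTED PRIVATE KEY-----"
        set certificate "-----BEGIN CERTIFICATE-----
MIIplaceholderCertLine1
-----END CERTIFICATE-----"
    next
    edit "user-uploaded"
        set password ENC BBBBplaceholderEncryptedPassword==
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIplaceholderKeyLine2 -----END ENCRYPTED PRIVATE KEY-----"
    next
end
'''

EDIT_RE = re.compile(r'^\s*edit\s+"?([^"]+?)"?\s*$')
PASSWORD_RE = re.compile(r"^(\s*set password ENC )\S+")
KEY_RE = re.compile(r'^(\s*set private-key ")')

def redact_local_cert_secrets(config_text):
    """Redact 'set password ENC' and 'set private-key' inside 'config vpn certificate local'.
    Returns (redacted_text, findings); findings maps cert name -> set of redacted fields."""
    out, findings = [], {}
    in_block, in_key, cert = False, False, None
    for line in config_text.splitlines():
        stripped = line.strip()
        if in_key:                                  # continuation of a multi-line key: drop it
            in_key = not stripped.endswith('"')
            continue
        if not in_block:                            # other blocks pass through untouched
            in_block = stripped == "config vpn certificate local"
            out.append(line)
            continue
        if stripped == "end":
            in_block, cert = False, None
        elif (m := EDIT_RE.match(line)):
            cert = m.group(1)
        elif (m := PASSWORD_RE.match(line)):
            findings.setdefault(cert, set()).add("password")
            line = m.group(1) + "<REDACTED>"
        elif (m := KEY_RE.match(line)):
            findings.setdefault(cert, set()).add("private-key")
            in_key = stripped.count('"') < 2        # opening quote only: value continues
            line = m.group(1) + '<REDACTED>"'
        out.append(line)
    return "\n".join(out) + "\n", findings
```

The public `set certificate` value and all other config blocks are left intact, so the redacted export remains useful for troubleshooting.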
https://fortiguard.fortinet.com/psirt/FG-IR-19-134
https://stuff.purdon.ca/?page_id=233
FortiProxy 2.0.4
FortiProxy 2.0.3
FortiProxy 2.0.2
FortiProxy 2.0.1
FortiProxy 2.0.0
FortiProxy 1.2.13
FortiProxy 1.2.12
FortiProxy 1.2.11
FortiProxy 1.2.10
FortiProxy 1.2.9
FortiProxy 1.2.8
FortiProxy 1.2.7
FortiProxy 1.2.6
FortiProxy 1.2.5
FortiProxy 1.2.4
FortiProxy 1.2.3
FortiProxy 1.2.2
FortiProxy 1.2.1
FortiProxy 1.2.0
FortiProxy 1.1.6
FortiProxy 1.1.5
FortiProxy 1.1.4
FortiProxy 1.1.3
FortiProxy 1.1.2
FortiProxy 1.1.1
FortiProxy 1.1.0
FortiProxy 1.0.7
FortiProxy 1.0.6
FortiProxy 1.0.5
FortiProxy 1.0.4
FortiProxy 1.0.3
FortiProxy 1.0.2
FortiProxy 1.0.1
FortiProxy 1.0.0
FortiOS 6.2.1
FortiOS 6.2.0
FortiOS 6.0.7
FortiOS 6.0.6
FortiOS 6.0.5
FortiOS 6.0.4
FortiOS 6.0.3
FortiOS 6.0.2
FortiOS 6.0.1
FortiOS 6.0.0
FortiOS 5.6.10
FortiOS 5.6.9
FortiOS 5.6.8
FortiOS 5.6.7
FortiOS 5.6.6
FortiOS 5.6.5
FortiOS 5.6.4
FortiOS 5.6.3
FortiOS 5.6.2
FortiOS 5.6.1
FortiOS 5.6.0
FortiOS 5.4.13
FortiOS 5.4.12
FortiOS 5.4.11
FortiOS 5.4.10
FortiOS 5.4.9
FortiOS 5.4.8
FortiOS 5.4.7
FortiOS 5.4.6
FortiOS 5.4.5
FortiOS 5.4.4
FortiOS 5.4.3
FortiOS 5.4.2
FortiOS 5.4.1
FortiOS 5.4.0
CVE-2019-5593
4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X