Multiple Vulnerabilities in Fortinet Products

Severity Level: High

Date: 26/06/2025

Ref: CERT/NCSOC/23/0234

Components Affected

• FortiClient Windows 6.0.6 and below
• FortiClient Mac 6.2.1 and below
• FortiOS 6.0.6 and below
• FortiOS 5.6.10 and below
• FortiOS 6.2.0

Overview

Multiple vulnerabilities were identified in Fortinet products. A remote attacker could exploit some of these vulnerabilities to trigger information disclosure on the targeted system.

Description

The identified vulnerabilities include:

• CVE-2019-6693 is being exploited in the wild. An attacker with access to the backup file can use the hardcoded cryptographic key to decrypt data in the backup file and gain access to sensitive information. Hence, the risk level is rated as High.

Impact

• Information Disclosure

Solution / Workarounds

Before installation of the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor:

• FortiGuard Advisory FG-IR-19-007
• FortiGuard Advisory FG-IR-18-100

Reference

• HKCERT Security Bulletin
• Fortinet PSIRT Portal

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.