CVE-2019-6698

{"id": "CVE-2019-6698", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-08-23T20:15:10.427", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-19-185", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device."}, {"lang": "es", "value": "El uso de la vulnerabilidad de Credenciales codificadas en FortiRecorder en todas las versiones anteriores a 2.7.4 puede permitir que un atacante no autenticado con conocimiento de las credenciales mencionadas y el acceso a la red de FortiCameras tome el control de ellas, siempre que est\u00e9n administradas por un dispositivo FortiRecorder."}], "lastModified": "2019-10-03T17:50:57.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D383C63-3EE9-4285-8234-CD9ABDEDCFB4", "versionEndExcluding": "2.7.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortirecorder_100d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A46FAC06-A480-4DA2-94CA-F62E375FE852"}, {"criteria": "cpe:2.3:h:fortinet:fortirecorder_200d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "22C395A3-045D-49A1-8388-7279BB812F50"}, {"criteria": "cpe:2.3:h:fortinet:fortirecorder_400d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A83F3798-7188-498A-95A7-FF4FB3EEC63A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@fortinet.com"}