CVE-2019-17659

Low CVSS 3.7

Overview

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.

CWE: CWE-798 Published: 2025-03-17T14:15:16.360

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.7 (LOW)
Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags