{"containers": {"cna": {"affected": [{"product": "Fortinet FortiRecorder", "vendor": "n/a", "versions": [{"status": "affected", "version": "FortiRecorder all versions below 2.7.4"}]}], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device."}], "problemTypes": [{"descriptions": [{"description": "Authentication Controls Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-23T19:58:39", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-19-185"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-6698", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiRecorder", "version": {"version_data": [{"version_value": "FortiRecorder all versions below 2.7.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication Controls Bypass"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-19-185", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-19-185"}]}}}}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-6698", "datePublished": "2019-08-23T19:58:39", "dateReserved": "2019-01-23T00:00:00", "dateUpdated": "2019-08-23T19:58:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D383C63-3EE9-4285-8234-CD9ABDEDCFB4", "versionEndExcluding": "2.7.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortirecorder_100d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A46FAC06-A480-4DA2-94CA-F62E375FE852", "vulnerable": false}, {"criteria": "cpe:2.3:h:fortinet:fortirecorder_200d:-:*:*:*:*:*:*:*", "matchCriteriaId": "22C395A3-045D-49A1-8388-7279BB812F50", "vulnerable": false}, {"criteria": "cpe:2.3:h:fortinet:fortirecorder_400d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A83F3798-7188-498A-95A7-FF4FB3EEC63A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device."}, {"lang": "es", "value": "El uso de la vulnerabilidad de Credenciales codificadas en FortiRecorder en todas las versiones anteriores a 2.7.4 puede permitir que un atacante no autenticado con conocimiento de las credenciales mencionadas y el acceso a la red de FortiCameras tome el control de ellas, siempre que est\u00e9n administradas por un dispositivo FortiRecorder."}], "id": "CVE-2019-6698", "lastModified": "2019-10-03T17:50:57.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-23T20:15:10.427", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-19-185"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}