InfoSecBulletin Cybersecurity for mankind
CISA warns about a serious vulnerability in Fortinet FortiOS that threatens network security. CISA included CVE-2019-6693 in its Known Exploited Vulnerabilities catalog, showing that this flaw with hard-coded credentials is actively targeted in attacks.
Organizations using Fortinet FortiOS must remediate by July 16, 2025, per federal cybersecurity requirements. CISA added CVE-2019-6693 to its Known Exploited Vulnerabilities catalog, confirming active exploitation of Fortinet FortiOS systems in real-world attack.
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access
CISA Warns of FortiOS Hard-Coded Credentials Vulns
5 vendors’ printer totaling 748 models affected: Rapid7
Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543
SonicWall warns of a trojanized NetExtender stealing VPN logins
CVE-2025-36537
TeamViewer patched vuln allowing hacker SYSTEM Rights
Hacker Target 70+ Microsoft Exchange Servers to Steal Credentials with Keyloggers
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
The vulnerability involves hard-coded encryption keys that allows attackers to decrypt sensitive data from FortiOS configuration backup file. Organizations using affected Fortinet FortiOS systems have until July 16, 2025, to implement vendor mitigations or discontinue product use.
Hard-Coded Credential Vulnerability:
The inclusion of CVE-2019-6693 in CISA’s KEV catalog represents a significant escalation in the threat landscape surrounding Fortinet’s FortiOS operating system.
This vulnerability, classified under CWE-798 (Use of Hard-coded Credentials), has demonstrated active exploitation patterns that prompted federal cybersecurity authorities to mandate an immediate organizational response.
This vulnerability allows threat actors to decipher sensitive data contained within FortiOS configuration backup files through knowledge of the hard-coded encryption key.
Mitigations:
Organizations using Fortinet FortiOS must apply vendor-recommended mitigations by July 16, 2025, as mandated by CISA.
Remediation requirements are based on Binding Operational Directive (BOD) 22-01 for cloud services, highlighting the federal government’s dedication to proactive vulnerability management in critical infrastructure.
Network administrators should immediately consult Fortinet’s security advisory FG-IR-19-007 for specific mitigation procedures and patch availability.
Organizations that can’t implement sufficient fixes should stop using affected products until proper security measures are in place.
