CVE-2018-1360

Summary

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.

Affected Software

VendorProductVersion RangeStatus
Fortinet, Inc.Fortinet FortiManager5.2.0 to 5.2.7affected
Fortinet, Inc.Fortinet FortiManager5.4.0affected
Fortinet, Inc.Fortinet FortiManager5.4.1affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References