CVE-2018-9192

Summary

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.

Affected Software

VendorProductVersion RangeStatus
Fortinet, Inc.FortiOS6.0.1, 6.0.0affected
Fortinet, Inc.FortiOS5.4.9, 5.4.8, 5.4.7, 5.4.6affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References