CVE-2018-9194
N/A
N/A
Summary
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortinet, Inc. | FortiOS | 6.0.1, 6.0.0 | affected |
| Fortinet, Inc. | FortiOS | 5.4.9, 5.4.8, 5.4.7, 5.4.6 | affected |
Weaknesses
- Information disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://robotattack.org/
- https://fortiguard.com/advisory/FG-IR-17-302
- https://www.kb.cert.org/vuls/id/144389
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://robotattack.org/
- https://fortiguard.com/advisory/FG-IR-17-302
- https://www.kb.cert.org/vuls/id/144389
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.