CVE-2018-1360

Published: Apr 25, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.

Affected (3)

Products: Fortinet: Fortimanager

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortimanager	From 5.2.0 to 5.2.7
Fortinet Fortimanager	Version 5.4.0
Fortinet Fortimanager	Version 5.4.1

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

http://www.securityfocus.com/bid/108079

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-18-051

Source: psirt@fortinet.com

Vendor Advisory

http://www.securityfocus.com/bid/108079

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-18-051

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.