← Back

CVE-2018-9195

nvd nist
Published: Nov 21, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.

Affected (3)

Fortinet
2 products
Forticlient
Fortios
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Forticlient
Up to 6.2.1
Forticlient
Up to 6.0.6
Fortios
Up to 6.0.6

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

Source: psirt@fortinet.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.