Vulnerabilities > CVE-2018-9194 - Information Exposure Through Discrepancy vulnerability in Fortinet Fortios

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

fortinet

CWE-203

NVD

Published: 2018-09-05

Updated: 2019-10-03

Summary

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.

Vulnerable Configurations

Part	Description	Count
OS	Fortinet Fortinet Fortios 6.0.0 Fortinet Fortios 6.0.1 Fortinet Fortios 5.4.6 Fortinet Fortios 5.4.7 Fortinet Fortios 5.4.8 Fortinet Fortios 5.4.9	6

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.kb.cert.org/vuls/id/144389
https://robotattack.org/
https://fortiguard.com/advisory/FG-IR-17-302