// For flags

CVE-2018-9192

 

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.

Podría ser posible recuperar en texto plano mensajes cifrados o realizar un ataque Man-in-the-Middle (MitM) en el cifrado RSA PKCS #1 v1.5 sin conocer la clave privada del servidor. Fortinet FortiOS, de la versión 5.4.6 a la 5.4.9 y las versiones 6.0.0 y 6.0.1, son vulnerables por medio de dichos ataques bajo la funcionalidad SSL Deep Inspection cuando se emplea CPx.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2018-04-02 CVE Reserved
  • 2018-09-05 CVE Published
  • 2023-08-30 EPSS Updated
  • 2024-10-25 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-203: Observable Discrepancy
CAPEC
References (3)
URL Tag Source
https://robotattack.org Third Party Advisory
https://www.kb.cert.org/vuls/id/144389 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
https://fortiguard.com/advisory/FG-IR-17-302 2019-10-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fortinet
Search vendor "Fortinet"
 Fortios
Search vendor "Fortinet" for product "Fortios"
 >= 5.4.6 <= 5.4.9
Search vendor "Fortinet" for product "Fortios" and version " >= 5.4.6 <= 5.4.9"
-
Affected
Fortinet
Search vendor "Fortinet"
 Fortios
Search vendor "Fortinet" for product "Fortios"
 6.0.0
Search vendor "Fortinet" for product "Fortios" and version "6.0.0"
-
Affected
Fortinet
Search vendor "Fortinet"
 Fortios
Search vendor "Fortinet" for product "Fortios"
 6.0.1
Search vendor "Fortinet" for product "Fortios" and version "6.0.1"
-
Affected