CVE-2018-9194
 
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.
Podría ser posible recuperar en texto plano mensajes cifrados o realizar un ataque Man-in-the-Middle (MitM) en el cifrado RSA PKCS #1 v1.5 sin conocer la clave privada del servidor. Fortinet FortiOS, de la versión 5.4.6 a la 5.4.9 y las versiones 6.0.0 y 6.0.1, son vulnerables por medio de dichos ataques bajo la funcionalidad VIP SSL cuando se emplea CPx.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-04-02 CVE Reserved
- 2018-09-05 CVE Published
- 2023-08-30 EPSS Updated
- 2024-10-25 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://robotattack.org | Third Party Advisory | |
https://www.kb.cert.org/vuls/id/144389 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://fortiguard.com/advisory/FG-IR-17-302 | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | >= 5.4.6 <= 5.4.9 Search vendor "Fortinet" for product "Fortios" and version " >= 5.4.6 <= 5.4.9" | - |
Affected
| ||||||
Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | 6.0.0 Search vendor "Fortinet" for product "Fortios" and version "6.0.0" | - |
Affected
| ||||||
Fortinet Search vendor "Fortinet" | Fortios Search vendor "Fortinet" for product "Fortios" | 6.0.1 Search vendor "Fortinet" for product "Fortios" and version "6.0.1" | - |
Affected
|