CVE-2018-9192 - A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5

CVE-2018-9192

Summary

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.

References

Vulnerable Configurations

cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-203

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

cert-vn	VU#144389
confirm	https://fortiguard.com/advisory/FG-IR-17-302
misc	https://robotattack.org/

Last major update

03-10-2019 - 00:03

Published

05-09-2018 - 13:29

Last modified

03-10-2019 - 00:03