ID |
CVE-2018-9194
|
Summary |
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*
-
cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*
-
cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*
-
cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*
-
cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
-
cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.3 (as of 03-10-2019 - 00:03) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-203 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
refmap
via4
|
|
Last major update |
03-10-2019 - 00:03 |
Published |
05-09-2018 - 13:29 |
Last modified |
03-10-2019 - 00:03 |