cvelistv5 - cve-2018-1360

CVE-2018-1360 (GCVE-0-2018-1360)

Vulnerability from cvelistv5

Published

2019-04-25 17:08

Modified

2024-10-25 14:30

Severity ?

CWE

Information disclosure

Summary

References

URL

Tags

psirt@fortinet.com	http://www.securityfocus.com/bid/108079	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-18-051	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108079	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-18-051	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Fortinet, Inc.	Fortinet FortiManager	Version: 5.2.0 to 5.2.7 Version: 5.4.0 Version: 5.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:38.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-18-051"
          },
          {
            "name": "108079",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108079"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-1360",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:03:57.208708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:30:18.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.0 to 5.2.7"
            },
            {
              "status": "affected",
              "version": "5.4.0"
            },
            {
              "status": "affected",
              "version": "5.4.1"
            }
          ]
        }
      ],
      "datePublic": "2019-04-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-29T05:06:04",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-18-051"
        },
        {
          "name": "108079",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108079"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2018-1360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.0 to 5.2.7"
                          },
                          {
                            "version_value": "5.4.0"
                          },
                          {
                            "version_value": "5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-051",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-18-051"
            },
            {
              "name": "108079",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108079"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2018-1360",
    "datePublished": "2019-04-25T17:08:07",
    "dateReserved": "2017-12-11T00:00:00",
    "dateUpdated": "2024-10-25T14:30:18.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1360\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2019-04-25T18:29:00.333\",\"lastModified\":\"2024-11-21T03:59:41.327\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de transmisi\u00f3n en texto claro de informaci\u00f3n sensible en Fortinet FortiManager para las versiones desde la 5.2.0 hasta la 5.2.7, 5.4.0 y 5.4.1 un atacante no autenticado puede realizar un ataque man in the middle, y recuperar la contrase\u00f1a de administrador interceptando las respuestas de REST API JSON.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2.0\",\"versionEndIncluding\":\"5.2.7\",\"matchCriteriaId\":\"F07068D8-E21A-4C42-9111-035612F09F74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"849E2A27-7984-426E-A56A-E4D6338E5EA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50CB5ABE-B76C-4E29-915C-A9BCC50B7A13\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/108079\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-18-051\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-18-051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-18-051\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/108079\", \"name\": \"108079\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:59:38.677Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-1360\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:03:57.208708Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:17:46.419Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet, Inc.\", \"product\": \"Fortinet FortiManager\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.2.0 to 5.2.7\"}, {\"status\": \"affected\", \"version\": \"5.4.0\"}, {\"status\": \"affected\", \"version\": \"5.4.1\"}]}], \"datePublic\": \"2019-04-23T00:00:00\", \"references\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-18-051\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securityfocus.com/bid/108079\", \"name\": \"108079\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2019-04-29T05:06:04\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"5.2.0 to 5.2.7\"}, {\"version_value\": \"5.4.0\"}, {\"version_value\": \"5.4.1\"}]}, \"product_name\": \"Fortinet FortiManager\"}]}, \"vendor_name\": \"Fortinet, Inc.\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://fortiguard.com/advisory/FG-IR-18-051\", \"name\": \"https://fortiguard.com/advisory/FG-IR-18-051\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securityfocus.com/bid/108079\", \"name\": \"108079\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Information disclosure\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-1360\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-1360\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:30:18.549Z\", \"dateReserved\": \"2017-12-11T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2019-04-25T17:08:07\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2018-1360

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-1360

Aliases

CVE-2018-1360

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1360",
    "description": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.",
    "id": "GSD-2018-1360"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1360"
      ],
      "details": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.",
      "id": "GSD-2018-1360",
      "modified": "2023-12-13T01:22:37.235783Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2018-1360",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiManager",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "5.2.0 to 5.2.7"
                        },
                        {
                          "version_value": "5.4.0"
                        },
                        {
                          "version_value": "5.4.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-18-051",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-18-051"
          },
          {
            "name": "108079",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108079"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.7",
                "versionStartIncluding": "5.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2018-1360"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-051",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-18-051"
            },
            {
              "name": "108079",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/108079"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2019-04-25T18:29Z"
    }
  }
}

fkie_cve-2018-1360

Vulnerability from fkie_nvd

Published

2019-04-25 18:29

Modified

2024-11-21 03:59

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@fortinet.com	http://www.securityfocus.com/bid/108079	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-18-051	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108079	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-18-051	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortimanager	*
fortinet	fortimanager	5.4.0
fortinet	fortimanager	5.4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07068D8-E21A-4C42-9111-035612F09F74",
              "versionEndIncluding": "5.2.7",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "849E2A27-7984-426E-A56A-E4D6338E5EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CB5ABE-B76C-4E29-915C-A9BCC50B7A13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de transmisi\u00f3n en texto claro de informaci\u00f3n sensible en Fortinet FortiManager para las versiones desde la 5.2.0 hasta la 5.2.7, 5.4.0 y 5.4.1 un atacante no autenticado puede realizar un ataque man in the middle, y recuperar la contrase\u00f1a de administrador interceptando las respuestas de REST API JSON."
    }
  ],
  "id": "CVE-2018-1360",
  "lastModified": "2024-11-21T03:59:41.327",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-25T18:29:00.333",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108079"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-18-051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-18-051"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-mw85-7jc9-5968

Vulnerability from github

Published

2022-05-24 16:44

Modified

2024-04-04 00:06

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-25T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.",
  "id": "GHSA-mw85-7jc9-5968",
  "modified": "2024-04-04T00:06:47Z",
  "published": "2022-05-24T16:44:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1360"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-18-051"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108079"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. Fortinet FortiManager Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiManager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Fortinet FortiManager versions 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0615",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.0 to  5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:fortinet:fortimanager_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pavel German.",
    "sources": [
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-1360",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-1360",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-123675",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2018-1360",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-1360",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-1360",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-1088",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123675",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. Fortinet FortiManager Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiManager is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nFortinet FortiManager versions 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1360",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108079",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1434",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-123675",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "id": "VAR-201904-0615",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:25:57.599000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-051",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/FG-IR-18-051"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91934"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/108079"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-18-051"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1360"
      },
      {
        "trust": 0.9,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.9,
        "url": "https://fortiguard.com/psirt/fg-ir-18-051"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1360"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-information-disclosure-via-rest-api-json-responses-29117"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79762"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "BID",
        "id": "108079"
      },
      {
        "date": "2019-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "date": "2019-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      },
      {
        "date": "2019-04-25T18:29:00.333000",
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "BID",
        "id": "108079"
      },
      {
        "date": "2019-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "date": "2019-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      },
      {
        "date": "2024-11-21T03:59:41.327000",
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2019-AVI-185

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Fortinet FortiClient et FortiManager. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClient pour Windows versions 6.2.0 et antérieures
Fortinet	FortiManager	FortiManager versions 5.2.0 à 5.2.7, 5.4.0 et 5.4.1
Fortinet	FortiClient	FortiClient pour Mac OSX versions 6.2.0 et antérieures

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-1360 (GCVE-0-2018-1360)

Vulnerability from cvelistv5

gsd-2018-1360

Vulnerability from gsd

fkie_cve-2018-1360

Vulnerability from fkie_nvd

ghsa-mw85-7jc9-5968

Vulnerability from github

var-201904-0615

Vulnerability from variot

CERTFR-2019-AVI-185

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature