VAR-201911-1663
Vulnerability from variot - Updated: 2023-12-18 13:43Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. FortiClient and FortiOS Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiOS and Fortinet FortiClient are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiClient is a mobile terminal security solution. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Fortinet FortiOS 6.0.6 and earlier, FortiClient 6.0.6 and earlier (Windows), and 6.2.1 and earlier (Mac) have a trust management issue vulnerability, which is caused by the use of hard-coded encryption in the FortiGuard service communication protocol key. Attackers can exploit this vulnerability to monitor and modify information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1663",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortios",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "forticlient",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.1"
},
{
"model": "forticlient",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "forticlient",
"scope": "lte",
"trust": 0.8,
"vendor": "fortinet",
"version": "(for mac os) 6.2.1"
},
{
"model": "forticlient",
"scope": "lte",
"trust": 0.8,
"vendor": "fortinet",
"version": "(for windows) 6.0.6"
},
{
"model": "fortios",
"scope": "lte",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.0.7"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.11"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.6"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.7"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.4.1"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "4.3.0"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9195"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehbock",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
],
"trust": 0.6
},
"cve": "CVE-2018-9195",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-9195",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-139227",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-9195",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-9195",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-139227",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-9195",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. FortiClient and FortiOS Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiOS and Fortinet FortiClient are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiClient is a mobile terminal security solution. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Fortinet FortiOS 6.0.6 and earlier, FortiClient 6.0.6 and earlier (Windows), and 6.2.1 and earlier (Mac) have a trust management issue vulnerability, which is caused by the use of hard-coded encryption in the FortiGuard service communication protocol key. Attackers can exploit this vulnerability to monitor and modify information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-139227",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9195",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "155463",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4407",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-63489",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-139227",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-9195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"id": "VAR-201911-1663",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:43:10.408000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-18-100",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-18-100"
},
{
"title": "Fortinet FortiOS and Fortinet FortiClient Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103602"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/fortiguard-used-hardcoded-key-xor-to-encrypt-communications/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/advisory/fg-ir-18-100"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9195"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9195"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/155463/fortios-6.0.6-forticlientwindows-6.0.6-forticlientmac-6.2.1-xor-encryption.html"
},
{
"trust": 0.6,
"url": "https://seclists.org/bugtraq/2019/nov/38"
},
{
"trust": 0.6,
"url": "http://seclists.org/fulldisclosure/2019/nov/22"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-18-100"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4407/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fortios-man-in-the-middle-via-fortiguard-services-communication-hard-coded-cryptographic-key-30916"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110918"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "VULHUB",
"id": "VHN-139227"
},
{
"date": "2019-11-21T00:00:00",
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"date": "2019-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"date": "2019-11-21T15:15:12.477000",
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-139227"
},
{
"date": "2019-11-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"date": "2019-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"date": "2020-05-04T13:44:43.313000",
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"date": "2019-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiClient and FortiOS Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…