Main Vulnerability Database Vulnerabilities #VU36728

#VU36728 Input validation error in FortiOS - CVE-2018-9192

Published: September 5, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36728

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-9192

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiOS

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.

Remediation

Install update from vendor's website.

#VU36728 Input validation error in FortiOS - CVE-2018-9192

Description

Remediation

External links