Cleartext Transmission Vulnerability in Fortinet FortiManager
CVE-2018-1360

8.1HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimanager
Vendor: CVE Published:; 25 April 2019

Summary

A vulnerability in Fortinet FortiManager products allows an unauthorized attacker to intercept sensitive information, such as admin passwords, through unprotected REST API JSON responses. This occurs in versions 5.2.0 to 5.2.7 and 5.4.0 to 5.4.1, potentially compromising system security in a man-in-the-middle attack scenario. Users are recommended to secure their communications to prevent unauthorized data access.

Affected Version(s)

Fortinet FortiManager 5.2.0 to 5.2.7

Fortinet FortiManager 5.4.0

Fortinet FortiManager 5.4.1

References

https://fortiguard.com/advisory/FG-IR-18-051

x_refsource_CONFIRM

http://www.securityfocus.com/bid/108079

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2019
Vulnerability Reserved
Dec 11, 2017