CVE-2018-9195

5.9MEDIUM

Key Information:

Vendor: Fortinet
Status: Forticlient For Windows; FortiOS; Forticlient For Mac Os
Vendor: CVE Published:; 21 November 2019

Summary

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.

Affected Version(s)

FortiClient for Mac OS FortiClient for Mac OS 6.2.1 and below

FortiClient for Windows FortiClient for Windows 6.0.6 and below

FortiOS FortiOS 6.0.7 and below

References

https://fortiguard.com/advisory/FG-IR-18-100

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 21, 2019
Vulnerability Reserved
Apr 2, 2018