CVE-2018-9192

{"id": "CVE-2018-9192", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-09-05T13:29:00.493", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-17-302", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://robotattack.org/", "tags": ["Third Party Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://www.kb.cert.org/vuls/id/144389", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/advisory/FG-IR-17-302", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://robotattack.org/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/144389", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used."}, {"lang": "es", "value": "Podr\u00eda ser posible recuperar en texto plano mensajes cifrados o realizar un ataque Man-in-the-Middle (MitM) en el cifrado RSA PKCS #1 v1.5 sin conocer la clave privada del servidor. Fortinet FortiOS, de la versi\u00f3n 5.4.6 a la 5.4.9 y las versiones 6.0.0 y 6.0.1, son vulnerables por medio de dichos ataques bajo la funcionalidad SSL Deep Inspection cuando se emplea CPx."}], "lastModified": "2024-11-21T04:15:08.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9690D76F-27B1-439A-8BD3-4B6FAC24C029", "versionEndIncluding": "5.4.9", "versionStartIncluding": "5.4.6"}, {"criteria": "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3907C1C9-EAEB-4287-82DA-06F242DEA639"}, {"criteria": "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52A0DB21-C876-4DD3-95ED-8BA0483F0BD4"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}