var-201809-1121
Vulnerability from variot
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". Fortinet FortiOS Contains a cryptographic vulnerability.Information may be obtained. Fortinet FortiOS is the American Fortinet ( Fortinet ) company developed a set dedicated to FortiGate A secure operating system on a cybersecurity platform. The system provides users with firewall, antivirus, IPSec/SSL VPN , Web Multiple security features such as content filtering and anti-spam. Fortinet FortiOS 5.4.6 version to 5.4.9 Version, 6.0.0 version and 6.0.1 There is a security hole in the version. Attackers can exploit this vulnerability to obtain TLS session key and decrypt TLS flow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201809-1121", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortios", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": "6.0.0" }, { "model": "fortios", "scope": "eq", "trust": 1.6, "vendor": "fortinet", "version": "6.0.1" }, { "model": "fortios", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.9" }, { "model": "fortios", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "5.4.6" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "citrix", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "erlang", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "legion of the bouncy castle", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "matrixssl", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "micro focus", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wolfssl", "version": null }, { "model": "fortios", "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "5.4.6" }, { "model": "fortios", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "5.4.9" }, { "model": "fortios", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "5.4.7" }, { "model": "fortios", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "5.4.8" } ], "sources": [ { "db": "CERT/CC", "id": "VU#144389" }, { "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "db": "NVD", "id": "CVE-2018-9192" }, { "db": "CNNVD", "id": "CNNVD-201809-226" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.4.9", "versionStartIncluding": "5.4.6", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-9192" } ] }, "cve": "CVE-2018-9192", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-9192", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-139224", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-9192", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-9192", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201809-226", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-139224", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-139224" }, { "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "db": "NVD", "id": "CVE-2018-9192" }, { "db": "CNNVD", "id": "CNNVD-201809-226" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server\u0027s private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a \"ROBOT attack\". Fortinet FortiOS Contains a cryptographic vulnerability.Information may be obtained. Fortinet FortiOS is the American Fortinet ( Fortinet ) company developed a set dedicated to FortiGate A secure operating system on a cybersecurity platform. The system provides users with firewall, antivirus, IPSec/SSL VPN , Web Multiple security features such as content filtering and anti-spam. Fortinet FortiOS 5.4.6 version to 5.4.9 Version, 6.0.0 version and 6.0.1 There is a security hole in the version. Attackers can exploit this vulnerability to obtain TLS session key and decrypt TLS flow", "sources": [ { "db": "NVD", "id": "CVE-2018-9192" }, { "db": "CERT/CC", "id": "VU#144389" }, { "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "db": "VULHUB", "id": "VHN-139224" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#144389", "trust": 3.3 }, { "db": "NVD", "id": "CVE-2018-9192", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2018-009373", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201809-226", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-139224", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#144389" }, { "db": "VULHUB", "id": "VHN-139224" }, { "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "db": "NVD", "id": "CVE-2018-9192" }, { "db": "CNNVD", "id": "CNNVD-201809-226" } ] }, "id": "VAR-201809-1121", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-139224" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:26:58.746000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-17-302", "trust": 0.8, "url": "https://fortiguard.com/psirt/fg-ir-17-302" }, { "title": "Fortinet FortiOS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84557" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "db": "CNNVD", "id": "CNNVD-201809-226" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.1 }, { "problemtype": "CWE-310", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-139224" }, { "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "db": "NVD", "id": "CVE-2018-9192" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.kb.cert.org/vuls/id/144389" }, { "trust": 1.7, "url": "https://fortiguard.com/advisory/fg-ir-17-302" }, { "trust": 1.7, "url": "https://robotattack.org/" }, { "trust": 0.8, "url": "https://robotattack.org" }, { "trust": 0.8, "url": "https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf" }, { "trust": 0.8, "url": "http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf" }, { "trust": 0.8, "url": "https://www.cert.org/historical/advisories/ca-1998-07.cfm" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc5246#section-7.4.7.1" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/203.html" }, { "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher" }, { "trust": 0.8, "url": "https://support.citrix.com/article/ctx230238" }, { "trust": 0.8, "url": "https://support.f5.com/csp/article/k21905460" }, { "trust": 0.8, "url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c" }, { "trust": 0.8, "url": "https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md" }, { "trust": 0.8, "url": "https://support.microfocus.com/kb/doc.php?id=7022561" }, { "trust": 0.8, "url": "https://github.com/wolfssl/wolfssl/pull/1229" }, { "trust": 0.8, "url": "https://community.rsa.com/docs/doc-85268" }, { "trust": 0.8, "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9192" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9192" }, { "trust": 0.8, "url": "https://www.kb.cert.org/vuls/id/144389/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#144389" }, { "db": "VULHUB", "id": "VHN-139224" }, { "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "db": "NVD", "id": "CVE-2018-9192" }, { "db": "CNNVD", "id": "CNNVD-201809-226" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#144389" }, { "db": "VULHUB", "id": "VHN-139224" }, { "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "db": "NVD", "id": "CVE-2018-9192" }, { "db": "CNNVD", "id": "CNNVD-201809-226" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-12T00:00:00", "db": "CERT/CC", "id": "VU#144389" }, { "date": "2018-09-05T00:00:00", "db": "VULHUB", "id": "VHN-139224" }, { "date": "2018-11-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "date": "2018-09-05T13:29:00.493000", "db": "NVD", "id": "CVE-2018-9192" }, { "date": "2018-09-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201809-226" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-04-09T00:00:00", "db": "CERT/CC", "id": "VU#144389" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-139224" }, { "date": "2018-11-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009373" }, { "date": "2019-10-03T00:03:26.223000", "db": "NVD", "id": "CVE-2018-9192" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201809-226" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201809-226" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding", "sources": [ { "db": "CERT/CC", "id": "VU#144389" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201809-226" } ], "trust": 0.6 } }