var-201911-1663
Vulnerability from variot
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. FortiClient and FortiOS Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiOS and Fortinet FortiClient are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiClient is a mobile terminal security solution. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Fortinet FortiOS 6.0.6 and earlier, FortiClient 6.0.6 and earlier (Windows), and 6.2.1 and earlier (Mac) have a trust management issue vulnerability, which is caused by the use of hard-coded encryption in the FortiGuard service communication protocol key. Attackers can exploit this vulnerability to monitor and modify information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1663",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortios",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "forticlient",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.2.1"
},
{
"model": "forticlient",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.0.6"
},
{
"model": "forticlient",
"scope": "lte",
"trust": 0.8,
"vendor": "fortinet",
"version": "(for mac os) 6.2.1"
},
{
"model": "forticlient",
"scope": "lte",
"trust": 0.8,
"vendor": "fortinet",
"version": "(for windows) 6.0.6"
},
{
"model": "fortios",
"scope": "lte",
"trust": 0.8,
"vendor": "fortinet",
"version": "6.0.7"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.11"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.6"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.7"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.4.1"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "4.3.0"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9195"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehbock",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
],
"trust": 0.6
},
"cve": "CVE-2018-9195",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-9195",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-139227",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-9195",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-9195",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-139227",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-9195",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. FortiClient and FortiOS Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiOS and Fortinet FortiClient are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiClient is a mobile terminal security solution. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Fortinet FortiOS 6.0.6 and earlier, FortiClient 6.0.6 and earlier (Windows), and 6.2.1 and earlier (Mac) have a trust management issue vulnerability, which is caused by the use of hard-coded encryption in the FortiGuard service communication protocol key. Attackers can exploit this vulnerability to monitor and modify information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-139227",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9195",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "155463",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4407",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-63489",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-139227",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-9195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"id": "VAR-201911-1663",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:43:10.408000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-18-100",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-18-100"
},
{
"title": "Fortinet FortiOS and Fortinet FortiClient Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103602"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/fortiguard-used-hardcoded-key-xor-to-encrypt-communications/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://fortiguard.com/advisory/fg-ir-18-100"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9195"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9195"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/155463/fortios-6.0.6-forticlientwindows-6.0.6-forticlientmac-6.2.1-xor-encryption.html"
},
{
"trust": 0.6,
"url": "https://seclists.org/bugtraq/2019/nov/38"
},
{
"trust": 0.6,
"url": "http://seclists.org/fulldisclosure/2019/nov/22"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-18-100"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4407/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fortios-man-in-the-middle-via-fortiguard-services-communication-hard-coded-cryptographic-key-30916"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110918"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139227"
},
{
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "VULHUB",
"id": "VHN-139227"
},
{
"date": "2019-11-21T00:00:00",
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"date": "2019-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"date": "2019-11-21T15:15:12.477000",
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-139227"
},
{
"date": "2019-11-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-9195"
},
{
"date": "2019-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016154"
},
{
"date": "2020-05-04T13:44:43.313000",
"db": "NVD",
"id": "CVE-2018-9195"
},
{
"date": "2019-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FortiClient and FortiOS Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016154"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1202"
}
],
"trust": 0.6
}
}
Loading...