CVE-2018-9195

🗓️ 21 Nov 2019 14:59:52Reported by fortinetType

Use of hardcoded cryptographic key in FortiGuard services protocol may allow Man in the middle to eavesdrop and modify informatio

Reporter	Title	Published	Views	Family All 17
0day.today	FortiOS 6.0.6 / FortiClientWindows 6.0.6 / FortiClientMac 6.2.1 XOR Encryption Vulnerability	29 Nov 201900:00	–	zdt
ATTACKERKB	CVE-2018-9195	21 Nov 201915:15	–	attackerkb
BDU FSTEC	The vulnerability affects the implementation of URL/SPAM/AV filtering in FortiOS and Fortinet’s FortiClient for Windows and FortiClient for Mac security solutions. This allows attackers to execute a type of “man-in-the-middle” attack.	31 Oct 202200:00	–	bdu_fstec
CNVD	Fortinet FortiOS and Fortinet FortiClient Trust Management Issues Vulnerability	22 Nov 201900:00	–	cnvd
CVE	CVE-2018-9195	21 Nov 201914:59	–	cve
EUVD	EUVD-2018-20792	7 Oct 202500:30	–	euvd
Fortinet	Protect	5 Dec 201900:00	–	fortinet
Tenable Nessus	Fortinet FortiClient < 6.2.0 Information Disclosure MitM (FG-IR-18-100)	25 Nov 201900:00	–	nessus
Tenable Nessus	Fortinet FortiOS < 5.6.12 / 6.x < 6.0.8 Information Disclosure MitM (FG-IR-18-100)	25 Nov 201900:00	–	nessus
Tenable Nessus	Fortinet FortiClient < 6.2.2 Information Disclosure MitM (FG-IR-18-100) (macOS)	25 Nov 201900:00	–	nessus

[
  {
    "product": "FortiClient for Windows",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiClient for Windows 6.0.6 and below"
      }
    ]
  },
  {
    "product": "FortiOS",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiOS 6.0.7 and below"
      }
    ]
  },
  {
    "product": "FortiClient for Mac OS",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiClient for Mac OS 6.2.1 and below"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/advisory/FG-IR-18-100

27 Nov 2019 20:52Current

5.7Medium risk

Vulners AI Score5.7

EPSS0.00297