CVE-2018-9194 Information

Description

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server’s private key. Fortinet FortiOS 5.4.6 to 5.4.9 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://fortiguard.com/advisory/FG-IR-17-302 https://robotattack.org/ https://www.kb.cert.org/vuls/id/144389

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.9