Vulnerability Description
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortios | >= 5.4.6, <= 5.4.9 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/advisory/FG-IR-17-302Vendor Advisory
- https://robotattack.org/Third Party Advisory
- https://www.kb.cert.org/vuls/id/144389Third Party AdvisoryUS Government Resource
- https://fortiguard.com/advisory/FG-IR-17-302Vendor Advisory
- https://robotattack.org/Third Party Advisory
- https://www.kb.cert.org/vuls/id/144389Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-9194?
CVE-2018-9194 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to ...
How severe is CVE-2018-9194?
CVE-2018-9194 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9194?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios.