Unrated severityNVD Advisory· Published Nov 21, 2019· Updated Oct 25, 2024
CVE-2018-9195
CVE-2018-9195
Description
Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.
Affected products
5<=6.0.6 (Windows) or <=6.2.1 (Mac OS)+ 2 more
- (no CPE)range: <=6.0.6 (Windows) or <=6.2.1 (Mac OS)
- (no CPE)range: FortiClient for Mac OS 6.2.1 and below
- (no CPE)range: FortiClient for Windows 6.0.6 and below
Patches
Vulnerability mechanics
References
1- fortiguard.com/advisory/FG-IR-18-100mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.