VYPR
Unrated severityNVD Advisory· Published Nov 21, 2019· Updated Oct 25, 2024

CVE-2018-9195

CVE-2018-9195

Description

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.

Affected products

5
  • Fortinet/Forticlientllm-fuzzy3 versions
    <=6.0.6 (Windows) or <=6.2.1 (Mac OS)+ 2 more
    • (no CPE)range: <=6.0.6 (Windows) or <=6.2.1 (Mac OS)
    • (no CPE)range: FortiClient for Mac OS 6.2.1 and below
    • (no CPE)range: FortiClient for Windows 6.0.6 and below
  • Fortinet/Fortiosllm-fuzzy2 versions
    <=6.0.7+ 1 more
    • (no CPE)range: <=6.0.7
    • (no CPE)range: FortiOS 6.0.7 and below

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.