CVE-2018-1360: Cleartext Transmission of Sensitive Info in Fortinet Fortimanager

Severity: 8.1 HIGH (NVD)
EPSS: 0.1% (top 65.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 25; Latest update May 24

Description

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man-in-the-middle position to retrieve the admin password by intercepting REST API JSON responses.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

NVD: fortinet/fortimanager, 5.2.0, 5.2.7, +2
CVEListV5: fortinet_inc/fortinet_fortimanager, 5.2.0 to 5.2.7, 5.4.0, 5.4.1, +2

🔴 Vulnerability Details (2)

GHSA: GHSA-mw85-7jc9-5968: A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5 (2022-05-24)
CVEList: CVE-2018-1360: A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5 (2019-04-25)

📋 Vendor Advisories (1)

Fortinet: A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and... (2019-04-25)