CVE-2018-9192: Observable Discrepancy in Fortinet FortiOS

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.2% (top 62.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 5; latest update May 13

Description

A plaintext recovery of encrypted messages or a man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable to such an attack under the SSL Deep Inspection feature when CPx is being used.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (Exploitability: 2.2 | Impact: 3.6)

Affected Packages (2 packages)

NVD: fortinet/fortios 5.4.6 to 5.4.9 (+2)
CVEListV5: fortinet_inc/fortios 5.4.9, 5.4.8, 5.4.7, 5.4.6, 6.0.1, 6.0.0 (+1)

Vulnerability Details (2)

GHSA: GHSA-v3qq-w6xc-rjmw: A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1 (2022-05-13)
CVEList: CVE-2018-9192: A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1 (2018-09-05)

Vendor Advisories

Fortinet: A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be po... (2018-09-05)
