Details of VAR-201809-1121

ID

VAR-201809-1121

CVE

CVE-2018-9192

TITLE

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding

Trust: 0.8

sources: CERT/CC: VU#144389

DESCRIPTION

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". Fortinet FortiOS Contains a cryptographic vulnerability.Information may be obtained. Fortinet FortiOS is the American Fortinet ( Fortinet ) company developed a set dedicated to FortiGate A secure operating system on a cybersecurity platform. The system provides users with firewall, antivirus, IPSec/SSL VPN , Web Multiple security features such as content filtering and anti-spam. Fortinet FortiOS 5.4.6 version to 5.4.9 Version, 6.0.0 version and 6.0.1 There is a security hole in the version. Attackers can exploit this vulnerability to obtain TLS session key and decrypt TLS flow

Trust: 2.43

sources: NVD: CVE-2018-9192 // CERT/CC: VU#144389 // JVNDB: JVNDB-2018-009373 // VULHUB: VHN-139224

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	fortinet	model:	fortios	scope:	lte	version:	5.4.9	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.4.6	Trust: 1.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	erlang	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	legion of the bouncy castle	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	matrixssl	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	micro focus	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	wolfssl	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.6	Trust: 0.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.9	Trust: 0.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.7	Trust: 0.6
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.8	Trust: 0.6

sources: CERT/CC: VU#144389 // JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226 // NVD: CVE-2018-9192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-9192
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-9192
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201809-226
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-139224
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-9192
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-139224
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-9192
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-139224 // JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226 // NVD: CVE-2018-9192

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.1
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-139224 // JVNDB: JVNDB-2018-009373 // NVD: CVE-2018-9192

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-226

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201809-226

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009373

PATCH

title:	FG-IR-17-302	url:	https://fortiguard.com/psirt/FG-IR-17-302	Trust: 0.8
title:	Fortinet FortiOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84557	Trust: 0.6

sources: JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226

EXTERNAL IDS

db:	CERT/CC	id:	VU#144389	Trust: 3.3
db:	NVD	id:	CVE-2018-9192	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-009373	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-226	Trust: 0.7
db:	VULHUB	id:	VHN-139224	Trust: 0.1

sources: CERT/CC: VU#144389 // VULHUB: VHN-139224 // JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226 // NVD: CVE-2018-9192

REFERENCES

url:	https://www.kb.cert.org/vuls/id/144389	Trust: 1.7
url:	https://fortiguard.com/advisory/fg-ir-17-302	Trust: 1.7
url:	https://robotattack.org/	Trust: 1.7
url:	https://robotattack.org	Trust: 0.8
url:	https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf	Trust: 0.8
url:	http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf	Trust: 0.8
url:	https://www.cert.org/historical/advisories/ca-1998-07.cfm	Trust: 0.8
url:	https://tools.ietf.org/html/rfc5246#section-7.4.7.1	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/203.html	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher	Trust: 0.8
url:	https://support.citrix.com/article/ctx230238	Trust: 0.8
url:	https://support.f5.com/csp/article/k21905460	Trust: 0.8
url:	https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c	Trust: 0.8
url:	https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md	Trust: 0.8
url:	https://support.microfocus.com/kb/doc.php?id=7022561	Trust: 0.8
url:	https://github.com/wolfssl/wolfssl/pull/1229	Trust: 0.8
url:	https://community.rsa.com/docs/doc-85268	Trust: 0.8
url:	https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9192	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-9192	Trust: 0.8
url:	https://www.kb.cert.org/vuls/id/144389/	Trust: 0.8

sources: CERT/CC: VU#144389 // VULHUB: VHN-139224 // JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226 // NVD: CVE-2018-9192

SOURCES

db:	CERT/CC	id:	VU#144389
db:	VULHUB	id:	VHN-139224
db:	JVNDB	id:	JVNDB-2018-009373
db:	CNNVD	id:	CNNVD-201809-226
db:	NVD	id:	CVE-2018-9192

LAST UPDATE DATE

2024-08-14T12:16:00.428000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#144389	date:	2018-04-09T00:00:00
db:	VULHUB	id:	VHN-139224	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-009373	date:	2018-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201809-226	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-9192	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#144389	date:	2017-12-12T00:00:00
db:	VULHUB	id:	VHN-139224	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-009373	date:	2018-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201809-226	date:	2018-09-06T00:00:00
db:	NVD	id:	CVE-2018-9192	date:	2018-09-05T13:29:00.493