ID

VAR-201809-1121


CVE

CVE-2018-9192


TITLE

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding

Trust: 0.8

sources: CERT/CC: VU#144389

DESCRIPTION

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". Fortinet FortiOS Contains a cryptographic vulnerability.Information may be obtained. Fortinet FortiOS is the American Fortinet ( Fortinet ) company developed a set dedicated to FortiGate A secure operating system on a cybersecurity platform. The system provides users with firewall, antivirus, IPSec/SSL VPN , Web Multiple security features such as content filtering and anti-spam. Fortinet FortiOS 5.4.6 version to 5.4.9 Version, 6.0.0 version and 6.0.1 There is a security hole in the version. Attackers can exploit this vulnerability to obtain TLS session key and decrypt TLS flow

Trust: 2.43

sources: NVD: CVE-2018-9192 // CERT/CC: VU#144389 // JVNDB: JVNDB-2018-009373 // VULHUB: VHN-139224

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:eqversion:6.0.0

Trust: 1.6

vendor:fortinetmodel:fortiosscope:eqversion:6.0.1

Trust: 1.6

vendor:fortinetmodel:fortiosscope:lteversion:5.4.9

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:5.4.6

Trust: 1.0

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:citrixmodel: - scope: - version: -

Trust: 0.8

vendor:erlangmodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:legion of the bouncy castlemodel: - scope: - version: -

Trust: 0.8

vendor:matrixsslmodel: - scope: - version: -

Trust: 0.8

vendor:micro focusmodel: - scope: - version: -

Trust: 0.8

vendor:wolfsslmodel: - scope: - version: -

Trust: 0.8

vendor:fortinetmodel:fortiosscope: - version: -

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.4.6

Trust: 0.6

vendor:fortinetmodel:fortiosscope:eqversion:5.4.9

Trust: 0.6

vendor:fortinetmodel:fortiosscope:eqversion:5.4.7

Trust: 0.6

vendor:fortinetmodel:fortiosscope:eqversion:5.4.8

Trust: 0.6

sources: CERT/CC: VU#144389 // JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226 // NVD: CVE-2018-9192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9192
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-9192
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-226
value: MEDIUM

Trust: 0.6

VULHUB: VHN-139224
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-9192
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139224
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9192
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139224 // JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226 // NVD: CVE-2018-9192

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.1

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-139224 // JVNDB: JVNDB-2018-009373 // NVD: CVE-2018-9192

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-226

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201809-226

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009373

PATCH

title:FG-IR-17-302url:https://fortiguard.com/psirt/FG-IR-17-302

Trust: 0.8

title:Fortinet FortiOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84557

Trust: 0.6

sources: JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226

EXTERNAL IDS

db:CERT/CCid:VU#144389

Trust: 3.3

db:NVDid:CVE-2018-9192

Trust: 2.5

db:JVNDBid:JVNDB-2018-009373

Trust: 0.8

db:CNNVDid:CNNVD-201809-226

Trust: 0.7

db:VULHUBid:VHN-139224

Trust: 0.1

sources: CERT/CC: VU#144389 // VULHUB: VHN-139224 // JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226 // NVD: CVE-2018-9192

REFERENCES

url:https://www.kb.cert.org/vuls/id/144389

Trust: 1.7

url:https://fortiguard.com/advisory/fg-ir-17-302

Trust: 1.7

url:https://robotattack.org/

Trust: 1.7

url:https://robotattack.org

Trust: 0.8

url:https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf

Trust: 0.8

url:http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf

Trust: 0.8

url:https://www.cert.org/historical/advisories/ca-1998-07.cfm

Trust: 0.8

url:https://tools.ietf.org/html/rfc5246#section-7.4.7.1

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/203.html

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher

Trust: 0.8

url:https://support.citrix.com/article/ctx230238

Trust: 0.8

url:https://support.f5.com/csp/article/k21905460

Trust: 0.8

url:https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c

Trust: 0.8

url:https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md

Trust: 0.8

url:https://support.microfocus.com/kb/doc.php?id=7022561

Trust: 0.8

url:https://github.com/wolfssl/wolfssl/pull/1229

Trust: 0.8

url:https://community.rsa.com/docs/doc-85268

Trust: 0.8

url:https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9192

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-9192

Trust: 0.8

url:https://www.kb.cert.org/vuls/id/144389/

Trust: 0.8

sources: CERT/CC: VU#144389 // VULHUB: VHN-139224 // JVNDB: JVNDB-2018-009373 // CNNVD: CNNVD-201809-226 // NVD: CVE-2018-9192

SOURCES

db:CERT/CCid:VU#144389
db:VULHUBid:VHN-139224
db:JVNDBid:JVNDB-2018-009373
db:CNNVDid:CNNVD-201809-226
db:NVDid:CVE-2018-9192

LAST UPDATE DATE

2024-08-14T12:16:00.428000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#144389date:2018-04-09T00:00:00
db:VULHUBid:VHN-139224date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-009373date:2018-11-16T00:00:00
db:CNNVDid:CNNVD-201809-226date:2019-10-23T00:00:00
db:NVDid:CVE-2018-9192date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:CERT/CCid:VU#144389date:2017-12-12T00:00:00
db:VULHUBid:VHN-139224date:2018-09-05T00:00:00
db:JVNDBid:JVNDB-2018-009373date:2018-11-16T00:00:00
db:CNNVDid:CNNVD-201809-226date:2018-09-06T00:00:00
db:NVDid:CVE-2018-9192date:2018-09-05T13:29:00.493