ID

VAR-201911-1663


CVE

CVE-2018-9195


TITLE

FortiClient and FortiOS Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-016154

DESCRIPTION

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. FortiClient and FortiOS Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiOS and Fortinet FortiClient are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiClient is a mobile terminal security solution. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Fortinet FortiOS 6.0.6 and earlier, FortiClient 6.0.6 and earlier (Windows), and 6.2.1 and earlier (Mac) have a trust management issue vulnerability, which is caused by the use of hard-coded encryption in the FortiGuard service communication protocol key. Attackers can exploit this vulnerability to monitor and modify information

Trust: 1.8

sources: NVD: CVE-2018-9195 // JVNDB: JVNDB-2018-016154 // VULHUB: VHN-139227 // VULMON: CVE-2018-9195

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:lteversion:6.2.1

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:6.0.6

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.0.6

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:(for mac os) 6.2.1

Trust: 0.8

vendor:fortinetmodel:forticlientscope:lteversion:(for windows) 6.0.6

Trust: 0.8

vendor:fortinetmodel:fortiosscope:lteversion:6.0.7

Trust: 0.8

vendor:fortinetmodel:forticlientscope:eqversion:5.0.11

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.9

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.5

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.4.0

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.8

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.6

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.7

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.4.1

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:4.3.0

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.10

Trust: 0.6

sources: JVNDB: JVNDB-2018-016154 // CNNVD: CNNVD-201911-1202 // NVD: CVE-2018-9195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9195
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-9195
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-1202
value: MEDIUM

Trust: 0.6

VULHUB: VHN-139227
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-9195
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-9195
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-139227
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9195
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-9195
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-139227 // VULMON: CVE-2018-9195 // JVNDB: JVNDB-2018-016154 // CNNVD: CNNVD-201911-1202 // NVD: CVE-2018-9195

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-139227 // JVNDB: JVNDB-2018-016154 // NVD: CVE-2018-9195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1202

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-1202

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016154

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-139227

PATCH

title:FG-IR-18-100url:https://fortiguard.com/psirt/FG-IR-18-100

Trust: 0.8

title:Fortinet FortiOS and Fortinet FortiClient Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103602

Trust: 0.6

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/fortiguard-used-hardcoded-key-xor-to-encrypt-communications/

Trust: 0.1

sources: VULMON: CVE-2018-9195 // JVNDB: JVNDB-2018-016154 // CNNVD: CNNVD-201911-1202

EXTERNAL IDS

db:NVDid:CVE-2018-9195

Trust: 2.6

db:PACKETSTORMid:155463

Trust: 0.8

db:JVNDBid:JVNDB-2018-016154

Trust: 0.8

db:CNNVDid:CNNVD-201911-1202

Trust: 0.7

db:AUSCERTid:ESB-2019.4407

Trust: 0.6

db:CNVDid:CNVD-2020-63489

Trust: 0.1

db:VULHUBid:VHN-139227

Trust: 0.1

db:VULMONid:CVE-2018-9195

Trust: 0.1

sources: VULHUB: VHN-139227 // VULMON: CVE-2018-9195 // JVNDB: JVNDB-2018-016154 // CNNVD: CNNVD-201911-1202 // NVD: CVE-2018-9195

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-18-100

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-9195

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9195

Trust: 0.8

url:https://packetstormsecurity.com/files/155463/fortios-6.0.6-forticlientwindows-6.0.6-forticlientmac-6.2.1-xor-encryption.html

Trust: 0.7

url:https://seclists.org/bugtraq/2019/nov/38

Trust: 0.6

url:http://seclists.org/fulldisclosure/2019/nov/22

Trust: 0.6

url:https://fortiguard.com/psirt/fg-ir-18-100

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4407/

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortios-man-in-the-middle-via-fortiguard-services-communication-hard-coded-cryptographic-key-30916

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110918

Trust: 0.1

sources: VULHUB: VHN-139227 // VULMON: CVE-2018-9195 // JVNDB: JVNDB-2018-016154 // CNNVD: CNNVD-201911-1202 // NVD: CVE-2018-9195

CREDITS

Stefan Viehbock

Trust: 0.6

sources: CNNVD: CNNVD-201911-1202

SOURCES

db:VULHUBid:VHN-139227
db:VULMONid:CVE-2018-9195
db:JVNDBid:JVNDB-2018-016154
db:CNNVDid:CNNVD-201911-1202
db:NVDid:CVE-2018-9195

LAST UPDATE DATE

2024-08-14T13:44:34.192000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-139227date:2019-11-27T00:00:00
db:VULMONid:CVE-2018-9195date:2019-11-27T00:00:00
db:JVNDBid:JVNDB-2018-016154date:2019-11-28T00:00:00
db:CNNVDid:CNNVD-201911-1202date:2019-11-28T00:00:00
db:NVDid:CVE-2018-9195date:2020-05-04T13:44:43.313

SOURCES RELEASE DATE

db:VULHUBid:VHN-139227date:2019-11-21T00:00:00
db:VULMONid:CVE-2018-9195date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2018-016154date:2019-11-28T00:00:00
db:CNNVDid:CNNVD-201911-1202date:2019-11-20T00:00:00
db:NVDid:CVE-2018-9195date:2019-11-21T15:15:12.477