Sign-up

ID

VAR-201911-1663


CVE

CVE-2018-9195


TITLE

FortiClient and FortiOS Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-016154

DESCRIPTION

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. FortiClient and FortiOS Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiOS and Fortinet FortiClient are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiClient is a mobile terminal security solution. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Fortinet FortiOS 6.0.6 and earlier, FortiClient 6.0.6 and earlier (Windows), and 6.2.1 and earlier (Mac) have a trust management issue vulnerability, which is caused by the use of hard-coded encryption in the FortiGuard service communication protocol key. Attackers can exploit this vulnerability to monitor and modify information

Trust: 1.8

sources: NVD: CVE-2018-9195 // JVNDB: JVNDB-2018-016154 // VULHUB: VHN-139227 // VULMON: CVE-2018-9195

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:lteversion:6.2.1

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:6.0.6

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.0.6

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:(for mac os) 6.2.1

Trust: 0.8

vendor:fortinetmodel:forticlientscope:lteversion:(for windows) 6.0.6

Trust: 0.8

vendor:fortinetmodel:fortiosscope:lteversion:6.0.7

Trust: 0.8

vendor:fortinetmodel:forticlientscope:eqversion:5.0.11

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.9

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.5

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.4.0

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.8

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.6

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.7

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.4.1

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:4.3.0

Trust: 0.6

vendor:fortinetmodel:forticlientscope:eqversion:5.0.10

Trust: 0.6

sources: JVNDB: JVNDB-2018-016154 // CNNVD: CNNVD-201911-1202 // NVD: CVE-2018-9195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9195
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-9195
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-1202
value: MEDIUM

Trust: 0.6

VULHUB: VHN-139227
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-9195
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-9195
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-139227
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9195
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-9195
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-139227 // VULMON: CVE-2018-9195 // JVNDB: JVNDB-2018-016154 // CNNVD: CNNVD-201911-1202 // NVD: CVE-2018-9195

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-139227 // JVNDB: JVNDB-2018-016154 // NVD: CVE-2018-9195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1202

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-1202

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016154

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-139227

PATCH
title:FG-IR-18-100url:https://fortiguard.com/psirt/FG-IR-18-100
Trust: 0.8
title:Fortinet FortiOS  and Fortinet FortiClient Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103602
Trust: 0.6
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/fortiguard-used-hardcoded-key-xor-to-encrypt-communications/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-9195 // 
            
            
            
            JVNDB: JVNDB-2018-016154 // 
            
            
            
            CNNVD: CNNVD-201911-1202

EXTERNAL IDS
db:NVDid:CVE-2018-9195
Trust: 2.6
db:PACKETSTORMid:155463
Trust: 0.8
db:JVNDBid:JVNDB-2018-016154
Trust: 0.8
db:CNNVDid:CNNVD-201911-1202
Trust: 0.7
db:AUSCERTid:ESB-2019.4407
Trust: 0.6
db:CNVDid:CNVD-2020-63489
Trust: 0.1
db:VULHUBid:VHN-139227
Trust: 0.1
db:VULMONid:CVE-2018-9195
Trust: 0.1
sources:
            
            
            VULHUB: VHN-139227 // 
            
            
            
            VULMON: CVE-2018-9195 // 
            
            
            
            JVNDB: JVNDB-2018-016154 // 
            
            
            
            CNNVD: CNNVD-201911-1202 // 
            
            
            
            NVD: CVE-2018-9195

REFERENCES
url:https://fortiguard.com/advisory/fg-ir-18-100
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9195
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9195
Trust: 0.8
url:https://packetstormsecurity.com/files/155463/fortios-6.0.6-forticlientwindows-6.0.6-forticlientmac-6.2.1-xor-encryption.html
Trust: 0.7
url:https://seclists.org/bugtraq/2019/nov/38
Trust: 0.6
url:http://seclists.org/fulldisclosure/2019/nov/22
Trust: 0.6
url:https://fortiguard.com/psirt/fg-ir-18-100
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4407/
Trust: 0.6
url:https://vigilance.fr/vulnerability/fortios-man-in-the-middle-via-fortiguard-services-communication-hard-coded-cryptographic-key-30916
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110918
Trust: 0.1
sources:
            
            
            VULHUB: VHN-139227 // 
            
            
            
            VULMON: CVE-2018-9195 // 
            
            
            
            JVNDB: JVNDB-2018-016154 // 
            
            
            
            CNNVD: CNNVD-201911-1202 // 
            
            
            
            NVD: CVE-2018-9195

CREDITS
Stefan Viehbock
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201911-1202

SOURCES
db:VULHUBid:VHN-139227
db:VULMONid:CVE-2018-9195
db:JVNDBid:JVNDB-2018-016154
db:CNNVDid:CNNVD-201911-1202
db:NVDid:CVE-2018-9195

LAST UPDATE DATE
2024-08-14T13:44:34.192000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139227date:2019-11-27T00:00:00
db:VULMONid:CVE-2018-9195date:2019-11-27T00:00:00
db:JVNDBid:JVNDB-2018-016154date:2019-11-28T00:00:00
db:CNNVDid:CNNVD-201911-1202date:2019-11-28T00:00:00
db:NVDid:CVE-2018-9195date:2020-05-04T13:44:43.313

SOURCES RELEASE DATE
db:VULHUBid:VHN-139227date:2019-11-21T00:00:00
db:VULMONid:CVE-2018-9195date:2019-11-21T00:00:00
db:JVNDBid:JVNDB-2018-016154date:2019-11-28T00:00:00
db:CNNVDid:CNNVD-201911-1202date:2019-11-20T00:00:00
db:NVDid:CVE-2018-9195date:2019-11-21T15:15:12.477