CVE-2018-9195

Published: Nov 21, 2019

Modified: Oct 25, 2024

PUBLISHED

Description

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0; URL rating in FortiClient) sent to and received from FortiGuard servers by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.

Vendor | Product | Versions
Fortinet | FortiClient for Windows | affected: FortiClient for Windows 6.0.6 and below
Fortinet | FortiOS | affected: FortiOS 6.0.7 and below
Fortinet | FortiClient for Mac OS | affected: FortiClient for Mac OS 6.2.1 and below
