Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.
History

Fri, 25 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2019-11-21T14:59:52

Updated: 2024-10-25T14:05:09.966Z

Reserved: 2018-04-02T00:00:00

Link: CVE-2018-9195

cve-icon Vulnrichment

Updated: 2024-08-05T07:17:51.638Z

cve-icon NVD

Status : Modified

Published: 2019-11-21T15:15:12.477

Modified: 2024-11-21T04:15:09.337

Link: CVE-2018-9195

cve-icon Redhat

No data.