CVE-2018-1360

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.

Published: Apr 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-1360
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
fortinet / fortimanager	5.4.1	5.4.1.x
fortinet / fortimanager	5.4.0	5.4.0.x
fortinet / fortimanager	5.2.0	5.2.7.x

http://www.securityfocus.com/bid/108079
https://fortiguard.com/advisory/FG-IR-18-051

Vulnerability Database

289,784

CVE-2018-1360