Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2018-9192

A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.

  • Published: Sep 5, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-9192
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.9
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
fortinet / fortios 6.0.0 6.0.0.x
fortinet / fortios 6.0.1 6.0.1.x
fortinet / fortios 5.4.6 5.4.9.x