A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-17-302 | Vendor Advisory |
https://robotattack.org/ | Third Party Advisory |
https://www.kb.cert.org/vuls/id/144389 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2018-08-27T00:00:00
Updated: 2018-09-05T12:57:01
Reserved: 2018-04-02T00:00:00
Link: CVE-2018-9194
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-09-05T13:29:00.637
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-9194
JSON object: View
Redhat Information
No data.
CWE