admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-91xx/CVE-2018-9195.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

117 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-9195",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2019-11-21T15:15:12.477",
"lastModified": "2020-05-04T13:44:43.313",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below."
},
{
"lang": "es",
"value": "El uso de una clave criptogr\u00e1fica codificada en el protocolo de comunicaci\u00f3n de servicios FortiGuard puede permitir que un Hombre en el medio con conocimiento de la clave escuche y modifique informaci\u00f3n (servicios URL / SPAM en FortiOS 5.6 y servicios URL / SPAM / AV en FortiOS 6.0). ; Clasificaci\u00f3n de URL en FortiClient) enviado y recibido de los servidores de Fortiguard al descifrar estos mensajes. Los productos afectados incluyen FortiClient para Windows 6.0.6 y versiones anteriores, FortiOS 6.0.7 y versiones anteriores , FortiClient para Mac OS 6.2.1 y versiones anteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "6.0.6",
"matchCriteriaId": "FA6A19E5-0059-4F94-A8D8-BBFF6B8C0C1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"versionEndIncluding": "6.2.1",
"matchCriteriaId": "A481CDA4-13C2-4929-934B-B09590E721A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.6",
"matchCriteriaId": "B9A44C4B-988B-45E4-BA76-8984A9AB9AB0"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/advisory/FG-IR-18-100",
"source": "psirt@fortinet.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink