CVE-2018-9195

MEDIUM Year: 2018
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-798
View all →

Vulnerability Description

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below.

Related Vulnerabilities

CVE-2015-7276

MEDIUM
CVSS:5.9(Medium)

Technicolor C2000T and C2100T uses hard-coded cryptographic keys.

CWE-7982015

CVE-2018-12240

MEDIUM
CVSS:5.9(Medium)

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihoo...

CWE-7982018

CVE-2018-16546

MEDIUM
CVSS:5.9(Medium)

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging kn...

CWE-7982018

CVE-2018-9073

MEDIUM
CVSS:5.9(Medium)

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised t...

CWE-7982018

CVE-2019-13399

MEDIUM
CVSS:5.9(Medium)

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation.

CWE-7982019

CVE-2019-15802

MEDIUM
CVSS:5.9(Medium)

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal....

CWE-7982019