Main Vulnerability Database SB2019042510

SB2019042510 - Cleartext transmission of sensitive information in Fortinet, FortiManager

Published: April 25, 2019 Updated: August 8, 2020

Security Bulletin ID SB2019042510

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cleartext transmission of sensitive information (CVE-ID: CVE-2018-1360)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.

Remediation

Install update from vendor's website.

References

http://www.securityfocus.com/bid/108079
https://fortiguard.com/advisory/FG-IR-18-051