CVE-2018-9194

Name of the Vulnerable Software and Affected Versions: FortiOS versions 5.4.6 through 5.4.9 FortiOS versions 6.0.0 through 6.0.1

Description: The issue is related to a weakness in the implementation of the TLS protocol in FortiOS, specifically in the encryption algorithm. This weakness can be exploited by a remote attacker to decrypt messages without knowing the secret key, potentially leading to a Man-in-the-middle (MiTM) attack. The attack is possible when the VIP SSL feature is used with CPx.

Recommendations: For FortiOS versions 5.4.6 through 5.4.9, update to a version that fixes the TLS protocol implementation issue. For FortiOS versions 6.0.0 through 6.0.1, update to a version that fixes the TLS protocol implementation issue. As a temporary workaround, consider disabling the VIP SSL feature when using CPx until a patch is available.