FortiOS and FortiClient Man-In-The-Middle Attack privilege escalation vulnerability (CVE-2018-9195)

Summary: FortiOS has been reported with an unquoted service path vulnerability. FortiClient FortiTray of FortiClientConsole executable service path is the vulnerable component that leads to escalated privileges. Description: For Mac and Windows Fortigate products like FortiOS for FortiGate firewalls and the FortiClient endpoint antivirus.,uses a weak encryption cipher (XOR) and hardcoded cryptographic keys to communicate … Continue reading “FortiOS and FortiClient Man-In-The-Middle Attack privilege escalation vulnerability (CVE-2018-9195)”