vulnerability

Fortinet FortiOS: Exposure of Sensitive Information to an Unauthorized Actor (CVE-2018-9185)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Jul 5, 2018

Added

Sep 6, 2019

Modified

May 28, 2026

Description

An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.

Solution

fortios-upgrade-latest

References

CVE-2018-9185
https://attackerkb.com/topics/CVE-2018-9185
CWE-200
EUVD-EUVD-2018-20782
http://www.securityfocus.com/bid/104535
http://www.securitytracker.com/id/1041186
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-20782
https://fortiguard.com/advisory/FG-IR-18-027

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report