CVE-2014-0351CVE-2014-0351

Affected configuration(s):

cpe:/o:fortinet:fortios:4.3.10
cpe:/o:fortinet:fortios:4.3.12
cpe:/o:fortinet:fortios:4.3.13
cpe:/o:fortinet:fortios:4.3.14
cpe:/o:fortinet:fortios:4.3.15
cpe:/o:fortinet:fortios:5.0.0
cpe:/o:fortinet:fortios:5.0.3
cpe:/o:fortinet:fortios:5.0.4
cpe:/o:fortinet:fortios:5.0.5
cpe:/o:fortinet:fortios:5.0.6
cpe:/o:fortinet:fortios:5.0.7

Date published: 2014-09-10T14:55:02.643-04:00

Date last modified: 2017-08-28T21:34:08.623-04:00

CVSS Score: 5.4

Principal attack vector: ADJACENT_NETWORK

Complexity:  MEDIUM

Reference URL: http://www.fortiguard.com/advisory/FG-IR-14-006/

Summary: The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.