First published: Wed Sep 10 2014(Updated: )
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiOS | <=4.3.15 | |
Fortinet FortiOS | =4.3.10 | |
Fortinet FortiOS | =4.3.12 | |
Fortinet FortiOS | =4.3.13 | |
Fortinet FortiOS | =4.3.14 | |
Fortinet FortiOS | =5.0.0 | |
Fortinet FortiOS | =5.0.3 | |
Fortinet FortiOS | =5.0.4 | |
Fortinet FortiOS | =5.0.5 | |
Fortinet FortiOS | =5.0.6 | |
Fortinet FortiOS | =5.0.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.