
CVE-2012-4948

Improper Certificate Validation

Published: Nov 14, 2012 | Modified: Apr 11, 2025
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x: 5.3 MEDIUM (vector: AV:A/AC:H/Au:N/C:C/I:P/A:N)

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and the same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortigate-1000c | Fortinet | - (including) | - (including) |
| Fortigate-100d | Fortinet | - (including) | - (including) |
| Fortigate-110c | Fortinet | - (including) | - (including) |
| Fortigate-1240b | Fortinet | - (including) | - (including) |
| Fortigate-200b | Fortinet | - (including) | - (including) |
| Fortigate-20c | Fortinet | - (including) | - (including) |
| Fortigate-300c | Fortinet | - (including) | - (including) |
| Fortigate-3040b | Fortinet | - (including) | - (including) |
| Fortigate-310b | Fortinet | - (including) | - (including) |
| Fortigate-311b | Fortinet | - (including) | - (including) |
| Fortigate-3140b | Fortinet | - (including) | - (including) |
| Fortigate-3240c | Fortinet | - (including) | - (including) |
| Fortigate-3810a | Fortinet | - (including) | - (including) |
| Fortigate-3950b | Fortinet | - (including) | - (including) |
| Fortigate-40c | Fortinet | - (including) | - (including) |
| Fortigate-5001a-sw | Fortinet | - (including) | - (including) |
| Fortigate-5001b | Fortinet | - (including) | - (including) |
| Fortigate-5020 | Fortinet | - (including) | - (including) |
| Fortigate-5060 | Fortinet | - (including) | - (including) |
| Fortigate-50b | Fortinet | - (including) | - (including) |
| Fortigate-5101c | Fortinet | - (including) | - (including) |
| Fortigate-5140b | Fortinet | - (including) | - (including) |
| Fortigate-600c | Fortinet | - (including) | - (including) |
| Fortigate-60c | Fortinet | - (including) | - (including) |
| Fortigate-620b | Fortinet | - (including) | - (including) |
| Fortigate-800c | Fortinet | - (including) | - (including) |
| Fortigate-80c | Fortinet | - (including) | - (including) |
| Fortigate-voice-80c | Fortinet | - (including) | - (including) |
| Fortigaterugged-100c | Fortinet | - (including) | - (including) |
