CVE Vulnerabilities

CVE-2015-2323

Published: Aug 11, 2015 | Modified: Nov 21, 2024
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.4 MEDIUM (AV:N/AC:L/Au:N/C:P/I:P/A:N)

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

Affected Software

Name Vendor Start Version End Version
Fortios Fortinet 5.0.0 (including) 5.0.0 (including)
Fortios Fortinet 5.0.1 (including) 5.0.1 (including)
Fortios Fortinet 5.0.2 (including) 5.0.2 (including)
Fortios Fortinet 5.0.3 (including) 5.0.3 (including)
Fortios Fortinet 5.0.4 (including) 5.0.4 (including)
Fortios Fortinet 5.0.5 (including) 5.0.5 (including)
Fortios Fortinet 5.0.6 (including) 5.0.6 (including)
Fortios Fortinet 5.0.7 (including) 5.0.7 (including)
Fortios Fortinet 5.0.8 (including) 5.0.8 (including)
Fortios Fortinet 5.0.9 (including) 5.0.9 (including)
Fortios Fortinet 5.0.10 (including) 5.0.10 (including)
Fortios Fortinet 5.0.11 (including) 5.0.11 (including)
Fortios Fortinet 5.2.0 (including) 5.2.0 (including)
Fortios Fortinet 5.2.1 (including) 5.2.1 (including)
Fortios Fortinet 5.2.2 (including) 5.2.2 (including)
Fortios Fortinet 5.2.3 (including) 5.2.3 (including)

References