CVE Vulnerabilities

CVE-2015-2323

Published: Aug 11, 2015 | Modified: Dec 03, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

Affected Software

Name Vendor Start Version End Version
Fortios Fortinet 5.0.0 (including) 5.0.0 (including)
Fortios Fortinet 5.0.1 (including) 5.0.1 (including)
Fortios Fortinet 5.0.2 (including) 5.0.2 (including)
Fortios Fortinet 5.0.3 (including) 5.0.3 (including)
Fortios Fortinet 5.0.4 (including) 5.0.4 (including)
Fortios Fortinet 5.0.5 (including) 5.0.5 (including)
Fortios Fortinet 5.0.6 (including) 5.0.6 (including)
Fortios Fortinet 5.0.7 (including) 5.0.7 (including)
Fortios Fortinet 5.0.8 (including) 5.0.8 (including)
Fortios Fortinet 5.0.9 (including) 5.0.9 (including)
Fortios Fortinet 5.0.10 (including) 5.0.10 (including)
Fortios Fortinet 5.0.11 (including) 5.0.11 (including)
Fortios Fortinet 5.2.0 (including) 5.2.0 (including)
Fortios Fortinet 5.2.1 (including) 5.2.1 (including)
Fortios Fortinet 5.2.2 (including) 5.2.2 (including)
Fortios Fortinet 5.2.3 (including) 5.2.3 (including)

References