Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-0351


The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.


Published

2014-09-10T18:55:02.643

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.4 (MEDIUM)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.5

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-310

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System fortinet fortios ≤ 4.3.15 Yes
Operating System fortinet fortios 4.3.10 Yes
Operating System fortinet fortios 4.3.12 Yes
Operating System fortinet fortios 4.3.13 Yes
Operating System fortinet fortios 4.3.14 Yes
Operating System fortinet fortios 5.0.0 Yes
Operating System fortinet fortios 5.0.3 Yes
Operating System fortinet fortios 5.0.4 Yes
Operating System fortinet fortios 5.0.5 Yes
Operating System fortinet fortios 5.0.6 Yes
Operating System fortinet fortios 5.0.7 Yes

References