The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.
2014-09-10T18:55:02.643
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.4 (MEDIUM)
AV:A/AC:M/Au:N/C:P/I:P/A:P
5.5
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | fortinet | fortios | ≤ 4.3.15 | Yes |
Operating System | fortinet | fortios | 4.3.10 | Yes |
Operating System | fortinet | fortios | 4.3.12 | Yes |
Operating System | fortinet | fortios | 4.3.13 | Yes |
Operating System | fortinet | fortios | 4.3.14 | Yes |
Operating System | fortinet | fortios | 5.0.0 | Yes |
Operating System | fortinet | fortios | 5.0.3 | Yes |
Operating System | fortinet | fortios | 5.0.4 | Yes |
Operating System | fortinet | fortios | 5.0.5 | Yes |
Operating System | fortinet | fortios | 5.0.6 | Yes |
Operating System | fortinet | fortios | 5.0.7 | Yes |