An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network-adjacent, unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
Published: 2023-09-01T12:15:08.363
Last modified: 2024-11-21T06:46:36.330
Status: Modified
CVSSv3.1: 5.4 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | fortinet | fortianalyzer | ≤ 6.0.12 | Yes |
Application | fortinet | fortianalyzer | ≤ 6.4.7 | Yes |
Application | fortinet | fortianalyzer | 7.0.0 | Yes |
Application | fortinet | fortianalyzer | 7.0.1 | Yes |
Application | fortinet | fortianalyzer | 7.0.2 | Yes |
Application | fortinet | fortimanager | ≤ 6.0.12 | Yes |
Application | fortinet | fortimanager | ≤ 6.2.11 | Yes |
Application | fortinet | fortimanager | ≤ 6.4.6 | Yes |
Application | fortinet | fortimanager | 7.0.0 | Yes |
Application | fortinet | fortimanager | 7.0.1 | Yes |
Application | fortinet | fortisandbox | ≤ 3.0.7 | Yes |
Application | fortinet | fortisandbox | ≤ 3.1.5 | Yes |
Application | fortinet | fortisandbox | ≤ 3.2.4 | Yes |
Application | fortinet | fortisandbox | 3.0.1 | Yes |
Application | fortinet | fortisandbox | 4.0.0 | Yes |
Application | fortinet | fortisandbox | 4.0.1 | Yes |
Application | fortinet | fortisandbox | 4.0.2 | Yes |
Operating System | fortinet | fortios | ≤ 5.6.14 | Yes |
Operating System | fortinet | fortios | ≤ 6.0.17 | Yes |
Operating System | fortinet | fortios | ≤ 6.2.15 | Yes |