PT-2012-5682 · Fortinet · Fortigate Utm

Published 2012-11-14 · Updated 2016-12-07 · CVE-2012-4948

CVSS v2.0: 5.3 Medium

Vector: AV:A/AC:H/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Fortinet Fortigate UTM appliances (affected versions not specified)

Description: The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and the same private key across different customers' installations. This makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet CA SSLProxy certificate in a list of trusted root certification authorities.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2012-4948

Affected Products

Fortigate Utm