CVE-2014-0351

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 4.3.16 FortiOS versions 5.x prior to 5.0.8

Description The issue is related to the FortiManager protocol service in Fortinet FortiOS, which does not prevent the use of anonymous ciphersuites. This makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream. The vulnerability can be exploited by a remote attacker to perform a man-in-the-middle attack, gain access to protected information, and redirect network traffic.

Recommendations For FortiOS versions prior to 4.3.16, update to version 4.3.16 or later. For FortiOS versions 5.x prior to 5.0.8, update to version 5.0.8 or later.