PT-2015-3366 · Fortinet · Fortios

Published

2015-08-11

Updated

2016-12-03

CVE-2015-2323

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions FortiOS versions 5.0.x through 5.0.11 FortiOS versions 5.2.x through 5.2.3

Description The issue is caused by the use of weak ciphers when establishing TLS connections. This can allow a remote attacker to conduct man-in-the-middle attacks and spoof TLS content by modifying packets.

Recommendations For FortiOS versions 5.0.x through 5.0.11, update to version 5.0.12 or later to resolve the issue. For FortiOS versions 5.2.x through 5.2.3, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider disabling the use of anonymous, export, and RC4 ciphers in TLS connections to FortiGuard servers until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

BDU:2018-01295

CVE-2015-2323

Affected Products

Fortios

PT-2015-3366 · Fortinet · Fortios

CVE-2015-2323

Weakness Enumeration

Related Identifiers

Affected Products

References · 5