CVE-2014-0351

Fortinet FortiOS <4.3.16 & 5.x <5.0.8 - Info Disclosure

Title source: llm

Description

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/96119

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69754

Vendor Advisory x_refsource_confirm

http://www.fortiguard.com/advisory/FG-IR-14-006/

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/730964

Scores

EPSS 0.0007

EPSS Percentile 21.7%

Details

CWE

CWE-310

Status published

Products (11)

fortinet/fortios 4.3.10

fortinet/fortios 4.3.12

fortinet/fortios 4.3.13

fortinet/fortios 4.3.14

fortinet/fortios 5.0.0

fortinet/fortios 5.0.3

fortinet/fortios 5.0.4

fortinet/fortios 5.0.5

fortinet/fortios 5.0.6

fortinet/fortios 5.0.7

... and 1 more

Published Sep 10, 2014

Tracked Since Feb 18, 2026