CVE-2015-2323

EUVD-2015-2416
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
fortinetfortios
5.0.0
fortinetfortios
5.0.1
fortinetfortios
5.0.2
fortinetfortios
5.0.3
fortinetfortios
5.0.4
fortinetfortios
5.0.5
fortinetfortios
5.0.6
fortinetfortios
5.0.7
fortinetfortios
5.0.8
fortinetfortios
5.0.9
fortinetfortios
5.0.10
fortinetfortios
5.0.11
fortinetfortios
5.2.0
fortinetfortios
5.2.1
fortinetfortios
5.2.2
fortinetfortios
5.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers
http://www.fortiguard.com/advisory/FG-IR-15-021/
http://www.securitytracker.com/id/1033092
http://fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers
http://www.fortiguard.com/advisory/FG-IR-15-021/
http://www.securitytracker.com/id/1033092