CVE-2016-8495

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows a remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the FortiSandbox devices probing feature.
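
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.4 HIGH | NETWORK | HIGH | NONE | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| fortinet | CNA | --- | --- | --- | --- | --- |
| CVE | ADP | --- | --- | --- | --- | --- |
| CISA-ADP | ADP | --- | --- | --- | --- | --- |
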
EPSS Score percentile: 33%

| Vendor | Product | Version |
|---|---|---|
| fortinet | fortimanager_firmware | 5.0.3 |
| fortinet | fortimanager_firmware | 5.0.4 |
| fortinet | fortimanager_firmware | 5.0.5 |
| fortinet | fortimanager_firmware | 5.0.6 |
| fortinet | fortimanager_firmware | 5.0.7 |
| fortinet | fortimanager_firmware | 5.0.8 |
| fortinet | fortimanager_firmware | 5.0.9 |
| fortinet | fortimanager_firmware | 5.0.10 |
| fortinet | fortimanager_firmware | 5.0.11 |
| fortinet | fortimanager_firmware | 5.2.0 |
| fortinet | fortimanager_firmware | 5.2.1 |
| fortinet | fortimanager_firmware | 5.2.2 |
| fortinet | fortimanager_firmware | 5.2.3 |
| fortinet | fortimanager_firmware | 5.2.4 |
| fortinet | fortimanager_firmware | 5.2.6 |
| fortinet | fortimanager_firmware | 5.2.7 |
| fortinet | fortimanager_firmware | 5.4.0 |
| fortinet | fortimanager_firmware | 5.4.1 |

𝑥 = Vulnerable software versions