Main Vulnerability Database Vulnerabilities #VU39672

Information disclosure in FortiOS - CVE-2016-8492

Published: February 8, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39672

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-8492

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.

How to mitigate CVE-2016-8492

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/94480
https://fortiguard.com/advisory/FG-IR-16-067

Information disclosure in FortiOS - CVE-2016-8492

Detailed vulnerability description

How to mitigate CVE-2016-8492

Sources

Please verify you're human