#VU41343 Cryptographic issues in FortiOS - CVE-2014-0351
Published: September 10, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41343
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-0351
CWE-ID: CWE-310
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
FortiOS
FortiOS
Software vendor:
Fortinet, Inc
Fortinet, Inc
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.
Remediation
Install update from vendor's website.