5.4

CVE-2014-0351

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiOS Version <= 4.3.15
FortinetFortiOS Version4.3.10
FortinetFortiOS Version4.3.12
FortinetFortiOS Version4.3.13
FortinetFortiOS Version4.3.14
FortinetFortiOS Version5.0.0
FortinetFortiOS Version5.0.3
FortinetFortiOS Version5.0.4
FortinetFortiOS Version5.0.5
FortinetFortiOS Version5.0.6
FortinetFortiOS Version5.0.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.436
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 5.5 6.4
AV:A/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.fortiguard.com/advisory/FG-IR-14-006/
Vendor Advisory
http://www.kb.cert.org/vuls/id/730964
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/69754
https://exchange.xforce.ibmcloud.com/vulnerabilities/96119