CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-1571

The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.1%

CVSS Severity

CVSS v2 Score 4.3

References

http://seclists.org/fulldisclosure/2015/Jan/125
http://www.fortiguard.com/advisory/FG-IR-15-002/
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf
http://seclists.org/fulldisclosure/2015/Jan/125
http://www.fortiguard.com/advisory/FG-IR-15-002/
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf

Products affected by CVE-2015-1571

Fortinet » Fortios » Version: 5.0.7

cpe:2.3:o:fortinet:fortios:5.0.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1571

Products

Pricing

Contact Us