Vulnerability Details CVE-2015-2323
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.9%
CVSS Severity
CVSS v2 Score 6.4
References
- http://fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers
- http://www.fortiguard.com/advisory/FG-IR-15-021/
- http://www.securitytracker.com/id/1033092
- http://fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers
- http://www.fortiguard.com/advisory/FG-IR-15-021/
- http://www.securitytracker.com/id/1033092
Products affected by CVE-2015-2323
-
cpe:2.3:o:fortinet:fortios:5.0.0
-
cpe:2.3:o:fortinet:fortios:5.0.1
-
cpe:2.3:o:fortinet:fortios:5.0.10
-
cpe:2.3:o:fortinet:fortios:5.0.11
-
cpe:2.3:o:fortinet:fortios:5.0.2
-
cpe:2.3:o:fortinet:fortios:5.0.3
-
cpe:2.3:o:fortinet:fortios:5.0.4
-
cpe:2.3:o:fortinet:fortios:5.0.5
-
cpe:2.3:o:fortinet:fortios:5.0.6
-
cpe:2.3:o:fortinet:fortios:5.0.7
-
cpe:2.3:o:fortinet:fortios:5.0.8
-
cpe:2.3:o:fortinet:fortios:5.0.9
-
cpe:2.3:o:fortinet:fortios:5.2.0
-
cpe:2.3:o:fortinet:fortios:5.2.1
-
cpe:2.3:o:fortinet:fortios:5.2.2
-
cpe:2.3:o:fortinet:fortios:5.2.3