An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-16-055 | Vendor Advisory |
http://www.securityfocus.com/bid/96157 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037805 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2017-02-13 07:59
Updated : 2017-07-24 18:29
NVD link : CVE-2016-8495
Mitre link : CVE-2016-8495
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
fortinet
- fortimanager_firmware