Lucene search

MitreCVE-2015-2323

HistoryAug 11, 2015 - 2:59 p.m.

CVE-2015-2323

2015-08-1114:59:01

CWE-310

mitre

web.nvd.nist.gov

cve-2015-2323

fortios

tls

vulnerability

nvd

man-in-the-middle

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

31.8%

JSON

FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.

Affected configurations

Nvd

Node

fortinetfortiosMatch5.0.0

fortinetfortiosMatch5.0.1

fortinetfortiosMatch5.0.2

fortinetfortiosMatch5.0.3

fortinetfortiosMatch5.0.4

fortinetfortiosMatch5.0.5

fortinetfortiosMatch5.0.6

fortinetfortiosMatch5.0.7

fortinetfortiosMatch5.0.8

fortinetfortiosMatch5.0.9

fortinetfortiosMatch5.0.10

fortinetfortiosMatch5.0.11

fortinetfortiosMatch5.2.0

fortinetfortiosMatch5.2.1

fortinetfortiosMatch5.2.2

fortinetfortiosMatch5.2.3

VendorProductVersionCPE
fortinetfortios5.0.0cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*
fortinetfortios5.0.1cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*
fortinetfortios5.0.2cpe:2.3:o:fortinet:fortios:5.0.2:*:*:*:*:*:*:*
fortinetfortios5.0.3cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*
fortinetfortios5.0.4cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*
fortinetfortios5.0.5cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*
fortinetfortios5.0.6cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*
fortinetfortios5.0.7cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*
fortinetfortios5.0.8cpe:2.3:o:fortinet:fortios:5.0.8:*:*:*:*:*:*:*
fortinetfortios5.0.9cpe:2.3:o:fortinet:fortios:5.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	5.0.0	cpe:2.3:o:fortinet:fortios:5.0.0:::::::*
fortinet	fortios	5.0.1	cpe:2.3:o:fortinet:fortios:5.0.1:::::::*
fortinet	fortios	5.0.2	cpe:2.3:o:fortinet:fortios:5.0.2:::::::*
fortinet	fortios	5.0.3	cpe:2.3:o:fortinet:fortios:5.0.3:::::::*
fortinet	fortios	5.0.4	cpe:2.3:o:fortinet:fortios:5.0.4:::::::*
fortinet	fortios	5.0.5	cpe:2.3:o:fortinet:fortios:5.0.5:::::::*
fortinet	fortios	5.0.6	cpe:2.3:o:fortinet:fortios:5.0.6:::::::*
fortinet	fortios	5.0.7	cpe:2.3:o:fortinet:fortios:5.0.7:::::::*
fortinet	fortios	5.0.8	cpe:2.3:o:fortinet:fortios:5.0.8:::::::*
fortinet	fortios	5.0.9	cpe:2.3:o:fortinet:fortios:5.0.9:::::::*

Rows per page:

1-10 of 161

References

fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers

www.fortiguard.com/advisory/FG-IR-15-021/

www.securitytracker.com/id/1033092

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

31.8%

JSON

Related for CVE-2015-2323