2 matches found
Design/Logic Flaw
DISPUTED The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the FortinetFactory certificate...
CVE-2015-1451
CVE-2015-1451 refers to multiple XSS vulnerabilities in Fortinet FortiOS 5.0 Patch 7 (build 4457) affecting the CAPWAP server. The issue allows remote authenticated users to inject arbitrary web script or HTML via the WTP Name or WTP Active Software Version fields in a CAPWAP Join request. Affect...