CVE-2012-4948

Currently unrated

Key Information:

Vendor: Fortinet
Status: Fortigate-3140b; Fortigate-60c; Fortigate-3040b; Fortigate-300c
Vendor: CVE Published:; 14 November 2012

Summary

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.

References

http://www.kb.cert.org/vuls/id/111708

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/bid/56382

vdb-entryx_refsource_BID

http://osvdb.org/87048

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Nov 14, 2012
Vulnerability Reserved
Sep 17, 2012