Vulnerability Details : CVE-2014-0351
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.
Exploit prediction scoring system (EPSS) score for CVE-2014-0351
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 37 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0351
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.4
|
MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P |
5.5
|
6.4
|
NIST |
CWE ids for CVE-2014-0351
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0351
-
http://www.securityfocus.com/bid/69754
Fortinet FortiOS CVE-2014-0351 Man in the Middle Information Disclosure Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96119
Fortinet FortiOS FortiManager Service man-in-the-middle CVE-2014-0351 Vulnerability Report
-
http://www.kb.cert.org/vuls/id/730964
VU#730964 - FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilitiesThird Party Advisory;US Government Resource
-
http://www.fortiguard.com/advisory/FG-IR-14-006/
FortiGuardVendor Advisory
Products affected by CVE-2014-0351
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:4.3.10:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:4.3.12:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:4.3.14:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:4.3.13:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*