Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.3
CVE Id: CVE-2012-4948
Last Modified: 17 Aug 2013 02:49:48
Published: 14 Nov 2012 07:30:59
Confidentiality Impact: COMPLETE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2012-4948

Summary

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.

Vulnerable Systems


References

CERT-VN - VU#111708

BID - 56382

OSVDB - 87048


Last Updated: 27 May 2016 10:58:28