Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fortigate UTM设备CA SSL证书创建安全绕过漏洞
Vulnerability Description
Fortinet FortiGate是美国飞塔(Fortinet)公司开发的一套网络安全平台。该平台提供防火墙、防病毒和入侵防御(IPS)、应用控制、反垃圾邮件、无线控制器和广域网加速等功能。 Fortinet Fortigate UTM应用的默认配置中存在漏洞,该漏洞源于使用相同的Certification Authority证书和跨不同用户安装相同的私钥。中间人攻击者利用在受信任的根证书颁发机构列表中存在的Fortinet_CA_SSLProxy证书,欺骗SSL服务器。
CVSS Information
N/A
Vulnerability Type
N/A