Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fortinet FortiOS 安全漏洞
Vulnerability Description
Fortinet FortiOS是美国飞塔(Fortinet)公司开发的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSL VPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS 5.0 Patch 7 build 4457版本的CAPWAP DTLS协议实现过程中存在安全漏洞,该漏洞源于程序在不同的用户安装过程中使用相同的证书和私钥。攻击者可借助Fortinet_Factory证书和私钥利用该漏洞实施中间人攻击,伪造
CVSS Information
N/A
Vulnerability Type
N/A