Back to search
CVE-2015-1571
Published: Feb 10, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20150129 Fortinet FortiOS Multiple Vulnerabilities
mailing-list
x_refsource_FULLDISC
http://www.fortiguard.com/advisory/FG-IR-15-002/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now