CVE-2012-4948

high

Description

The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.

References

http://www.securityfocus.com/bid/56382

http://www.kb.cert.org/vuls/id/111708

http://osvdb.org/87048

Details

Source: Mitre, NVD

Published: 2012-11-14

Updated: 2016-12-07

Risk Information

CVSS v2

Base Score: 5.3

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High