BID:69754

Fortinet FortiOS CVE-2014-0351 Man in the Middle Information Disclosure Vulnerability

Info

Fortinet FortiOS CVE-2014-0351 Man in the Middle Information Disclosure Vulnerability

Bugtraq ID:	69754
Class:	Design Error
CVE:	CVE-2014-0351
Remote:	Yes
Local:	No
Published:	Sep 08 2014 12:00AM
Updated:	Sep 22 2014 06:18PM
Credit:	Gregor Kopf (Recurity Labs)
Vulnerable:

Not Vulnerable:

Discussion

Fortinet FortiOS CVE-2014-0351 Man in the Middle Information Disclosure Vulnerability

Fortinet FortiOS is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to perform man-in-the-middle attacks and disclose sensitive information. Successful exploits will lead to other attacks.

Exploit / POC

Fortinet FortiOS CVE-2014-0351 Man in the Middle Information Disclosure Vulnerability

An attacker may use readily available tools to exploit this issue.

Solution / Fix

Fortinet FortiOS CVE-2014-0351 Man in the Middle Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Fortinet FortiOS CVE-2014-0351 Man in the Middle Information Disclosure Vulnerability

References:

FortiOS Homepage (Fortinet)
FortiGate Vulnerability in FortiManager Service (Fortinet)
VU#730964 FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabi (CERT)