Critical Infrastructure Sectors: Energy
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 up to and including 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 up to and including 7.0.9, 7.2.0 up to and including 7.2.3 may allow a remote and unauthenticated malicious user to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiproxy |
||
fortinet fortios 7.2.0 |
||
fortinet fortios |