SB2017021502 - Password disclosure during TLS certificate validation in Fortinet FortiManager
Published: February 15, 2017
Security Bulletin ID
SB2017021502
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2016-8495)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect validation of TLS certificates in FortiManager. A remote attacker from local network can try to access devices using affected software and obtain pre-shared encryption key.
Successful exploitation of the vulnerability may allow an attacker to gain access to passwords.
Remediation
Install update from vendor's website.