Description
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.
Published: 2012-11-14
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
Remediation

No vendor fix or workaround currently provided.

Advisories
Source: EUVD
ID: EUVD-2012-4873
Title: The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities.
History

No history.

Subscriptions

Fortinet Fortigate-1000c Fortigate-100d Fortigate-110c Fortigate-1240b Fortigate-200b Fortigate-20c Fortigate-300c Fortigate-3040b Fortigate-310b Fortigate-311b Fortigate-3140b Fortigate-3240c Fortigate-3810a Fortigate-3950b Fortigate-40c Fortigate-5001a-sw Fortigate-5001b Fortigate-5020 Fortigate-5060 Fortigate-50b Fortigate-5101c Fortigate-5140b Fortigate-600c Fortigate-60c Fortigate-620b Fortigate-800c Fortigate-80c Fortigate-voice-80c Fortigaterugged-100c
MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2024-08-06T20:50:18.189Z

Reserved: 2012-09-17T00:00:00.000Z

Link: CVE-2012-4948

Vulnrichment

No data.

NVD

Status: Modified

Published: 2012-11-14T12:30:59.507

Modified: 2026-04-29T01:13:23.040

Link: CVE-2012-4948

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses