Information disclosure in Fortinet Fortimanager
CVE-2016-8495
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices…
Vulnerability class: Information Disclosure
EPSS: 0.001 (31.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.4 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Fortinet Fortimanager — versions 5.4.0 to 5.4.1, 5.0.6 to 5.2.7
- Fortinet Fortimanager_firmware — versions 5.0.3, 5.0.4, 5.0.5
Weakness classification (CWE)
References
- psirt@fortinet.com (vdb-entry, x_refsource_SECTRACK)
- psirt@fortinet.com (x_refsource_CONFIRM, Vendor Advisory)
- psirt@fortinet.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2016-8495?
- CVE-2016-8495 is a high-severity vulnerability in Fortinet Fortimanager, classified under Information Disclosure. CVSS score: 7.4/10. Published 2017-02-13.
- How severe is CVE-2016-8495?
- High severity. CVSS v3 base score is 7.4 out of 10.