CVE-2016-8495

CWE-200 — Information Exposure4 documents4 sources

Severity

7.4HIGH

EPSS

0.1%

top 67.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortimanager Fortinet Fortimanager Firmware

Timeline

PublishedFeb 13

Latest updateMay 17

Description

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5fortinet/fortimanager5.0.6 to 5.2.7, 5.4.0 to 5.4.1+1

▶NVDfortinet/fortimanager_firmware18 versions+17

🔴Vulnerability Details

GHSA

GHSA-vq5h-hrvh-ff3m: An improper certificate validation vulnerability in Fortinet FortiManager 5↗2022-05-17

▶

CVEList

CVE-2016-8495: An improper certificate validation vulnerability in Fortinet FortiManager 5↗2017-02-13

▶

📋Vendor Advisories

Fortinet

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 al...↗2017-02-13

▶