Fortinet FortiClient OpenSSL Security Bypass

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host is affected by a security bypass vulnerability.

Description :

FortiClient, a client-based software solution intended to provide
security features for enterprise computers and mobile devices, is
installed on the remote Windows host.

The installed FortiClient version uses a vulnerable OpenSSL library
that contains a flaw in the handshake process. The flaw could allow
an attacker to force the use of weak keying material, which simplifies
man-in-the-middle attacks.

Solution :

Upgrade to Fortinet FortiClient 5.0.10 / 5.2.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 76535

Bugtraq ID: 67899

CVE ID: CVE-2014-0224
