Fortinet FortiClient OpenSSL Security Bypass

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by a security bypass
vulnerability.

Description :

FortiClient, a client-based software solution intended to provide
security features for enterprise computers and mobile devices, is
installed on the remote Windows host.

The installed FortiClient version uses a vulnerable OpenSSL library
that contains a flaw in the handshake process. The flaw could allow
an attacker to force the use of weak keying material, which
simplifies man-in-the-middle attacks.

See also :

http://www.fortiguard.com/advisory/FG-IR-14-018

Solution :

Upgrade to Fortinet FortiClient 5.0.10 / 5.2.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 76535

Bugtraq ID: 67899

CVE ID: CVE-2014-0224
