Fortinet OpenSSL Information Disclosure (Heartbleed)

Medium Nessus Plugin ID 73669


The remote host is affected by an information disclosure vulnerability.


The firmware of the remote Fortinet host is running a version of OpenSSL that is affected by a remote information disclosure vulnerability, commonly known as the 'Heartbleed' bug. A remote, unauthenticated attacker could potentially exploit this vulnerability to extract up to 64 kilobytes of memory per request from the device.


Upgrade to a firmware version containing a fix for this vulnerability as referenced in the vendor advisory.

Plugin Details

Severity: Medium

ID: 73669

File Name: fortinet_FG-IR-14-011.nasl

Version: 1.12

Type: local

Family: Misc.

Published: 2014/04/11

Updated: 2019/11/26

Dependencies: 73522

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2014-0160

CVSS v2.0

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: Host/Fortigate/model, Host/Fortigate/version, Host/Fortigate/build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/04/09

Vulnerability Publication Date: 2014/04/08

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0160

BID: 66690

CERT: 720951

EDB-ID: 32745, 32764, 32791, 32998