Fortinet OpenSSL Information Disclosure (Heartbleed)

High Nessus Plugin ID 73669


The remote host is affected by an information disclosure vulnerability.


The firmware of the remote Fortinet host is running a version of OpenSSL that is affected by a remote information disclosure vulnerability, commonly known as the 'Heartbleed' bug. A remote, unauthenticated attacker could potentially exploit this vulnerability to extract up to 64 kilobytes of memory per request from the device.


Upgrade to a firmware version containing a fix for this vulnerability as referenced in the vendor advisory.

Plugin Details

Severity: High

ID: 73669

File Name: fortinet_FG-IR-14-011.nasl

Version: $Revision: 1.9 $

Type: local

Family: Misc.

Published: 2014/04/11

Modified: 2016/05/20

Dependencies: 73522

Risk Information

Risk Factor: High


Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: Host/Fortigate/model, Host/Fortigate/version, Host/Fortigate/build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/04/09

Vulnerability Publication Date: 2014/04/08

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0160

BID: 66690

OSVDB: 105465

CERT: 720951

EDB-ID: 32745, 32764, 32791, 32998