Fortinet FortiOS 5.0.x < 5.0.12 / 5.2.x < 5.2.4 Weak Ciphers (FG-IR-15-021)

Medium Nessus Plugin ID 85911


The remote host supports weak ciphers


The remote host is running a version of Fortinet FortiOS that is 5.0.x prior to 5.0.12 or 5.2.x prior 5.2.4. It is, therefore, affected by a flaw when connecting to a FortiGuard server via TLS due to the support of weak ciphers such as anonymous, export, and RC4. A man-in-the-middle attacker can exploit this to downgrade the TLS cipher suite and conduct attacks on the TLS connection.


Upgrade to Fortinet FortiOS 5.0.12 / 5.2.4 or later.

See Also

Plugin Details

Severity: Medium

ID: 85911

File Name: fortios_FG-IR-15-021.nasl

Version: $Revision: 1.2 $

Type: local

Family: Firewalls

Published: 2015/09/11

Modified: 2015/09/14

Dependencies: 73522

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:fortinet:fortios

Required KB Items: Host/Fortigate/model, Host/Fortigate/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/07/24

Vulnerability Publication Date: 2015/07/24

Reference Information

CVE: CVE-2015-2323

BID: 76047

OSVDB: 125579